FEDORA-2016-828a156ea3

bugfix update in Fedora 24 for opensmtpd

Status: stable 2 years ago

Changes in this release (since 6.0.1):


  • A bug in the smtp session logic can lead to hanging sessions. [1]
  • A bug in portable OpenSMTPD can lead to a server crash if PAM support is disabled and an attacker send a mail to an account that has been disabled by setting password to a value that is causing the crypt() call to fail. [2]

[1] found and reported by James Pole

[2] found and reported by Patrick Seeburger (CVE-2016-8594)


Changes in this release (since 6.0.0):


  • A bug in the smtp session logic can lead to a server crash. [1]

[1] found and reported by Mickael Torres, thanks !

How to install

sudo dnf upgrade --advisory=FEDORA-2016-828a156ea3

Comments 6

This update has been submitted for testing by dfateyev.

This update has obsoleted opensmtpd-6.0.1p1-1.fc24, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by dfateyev.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
bugfix
Update Severity
unspecified
Karma
0
stable threshold: 1
unstable threshold: -1
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 2

00 #1381402
00 #1384046

Automated Test Results