version 1.39, 2015/08/11 22:00:08 |
version 1.40, 2015/10/02 02:26:38 |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
<li id="031_smtpd"> |
|
<font color="#009000"><strong>031: SECURITY FIX: October 1, 2015</strong></font> |
|
<i>All architectures</i><br> |
|
Fix multiple reliability and security issues in smtpd:<br> |
|
<ul> |
|
<li>local and remote users could make smtpd crash or stop serving requests. |
|
<li>a buffer overflow in the unprivileged, non-chrooted smtpd (lookup) |
|
process could allow a local user to cause a crash or potentially |
|
execute arbitrary code. |
|
<li>a use-after-free in the unprivileged, non-chrooted smtpd (lookup) |
|
process could allow a remote attacker to cause a crash or potentially |
|
execute arbitrary code. |
|
<li>hardlink and symlink attacks allowed a local user to unset chflags or |
|
leak the first line of an arbitrary file. |
|
</ul> |
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/031_smtpd.patch.sig"> |
|
A source code patch exists which remedies this problem.</a> |
|
<p> |
|
|
</ul> |
</ul> |
|
|
<hr> |
<hr> |
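Review bot: In the last bullet of the new 031_smtpd entry, "unset chflags" names the utility rather than the thing being changed; wording such as "clear file flags (as set by chflags)" would say what the hardlink and symlink attacks actually let a local user do. The entry also links the patch over plain http; since the target is a .patch.sig file, a short reminder to verify the signature before applying it would be worth adding next to the link.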