| version 1.4, 2015/09/28 19:44:59 |
version 1.5, 2015/10/02 02:26:38 |
|
|
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
| |
<li id="004_smtpd"> |
| |
<font color="#009000"><strong>004: SECURITY FIX: October 1, 2015</strong></font> |
| |
<i>All architectures</i><br> |
| |
Fix multiple reliability and security issues in smtpd:<br> |
| |
<ul> |
| |
<li>local and remote users could make smtpd crash or stop serving requests. |
| |
<li>a buffer overflow in the unprivileged, non-chrooted smtpd (lookup) |
| |
process could allow a local user to cause a crash or potentially |
| |
execute arbitrary code. |
| |
<li>a use-after-free in the unprivileged, non-chrooted smtpd (lookup) |
| |
process could allow a remote attacker to cause a crash or potentially |
| |
execute arbitrary code. |
| |
<li>hardlink and symlink attacks allowed a local user to unset chflags or |
| |
leak the first line of an arbitrary file. |
| |
</ul> |
| |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/004_smtpd.patch.sig"> |
| |
A source code patch exists which remedies this problem.</a> |
| |
<p> |
| |
|
| </ul> |
</ul> |
| |
|
| <hr> |
<hr> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata58.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www