[SECURITY] Fedora Extras Update: ssmtp-2.61-11fc[5,6,devel]

Manuel Wolfshant wolfy at nobugconsulting.ro
Sat Dec 9 18:52:50 UTC 2006


Product:    Fedora Extras [5 6 devel]
Name:       ssmtp
Version:    2.61-11[FE 5 6 devel]
Summary:    Extremely simple MTA to get mail off the system to a Mailhub
Description:
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.
---------------------------------------------------------------------
Update Information:

Ben XO discovered that during the AUTH LOGIN phase, ssmtp <= 2.61-10 leaks (in BASE64 encoded form) the password used.
Details are available at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369542


Fedora Extras versions earlier then the version mentioned above are
vulnerable to this problem, upgrade to fix this vulnerability.

---------------------------------------------------------------------
This update can be installed with the 'yum' update program.  Use 'yum
update package-name' at the command line.  For more information, refer
to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/





More information about the package-announce mailing list