[SECURITY] Fedora Extras Update: ssmtp-2.61-11fc[5,6,devel]
Manuel Wolfshant
wolfy at nobugconsulting.ro
Sat Dec 9 18:52:50 UTC 2006
Product: Fedora Extras [5 6 devel]
Name: ssmtp
Version: 2.61-11[FE 5 6 devel]
Summary: Extremely simple MTA to get mail off the system to a Mailhub
Description:
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.
---------------------------------------------------------------------
Update Information:
Ben XO discovered that during the AUTH LOGIN phase, ssmtp <= 2.61-10 leaks (in BASE64 encoded form) the password used.
Details are available at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369542
Fedora Extras versions earlier then the version mentioned above are
vulnerable to this problem, upgrade to fix this vulnerability.
---------------------------------------------------------------------
This update can be installed with the 'yum' update program. Use 'yum
update package-name' at the command line. For more information, refer
to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/
More information about the package-announce
mailing list