[SECURITY] Fedora 17 Update: ssmtp-2.61-20.fc17

updates at fedoraproject.org updates at fedoraproject.org
Thu Jul 4 01:02:08 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-10128
2013-06-06 00:49:09
--------------------------------------------------------------------------------

Name        : ssmtp
Product     : Fedora 17
Version     : 2.61
Release     : 20.fc17
URL         : http://packages.debian.org/stable/mail/ssmtp
Summary     : Extremely simple MTA to get mail off the system to a Mailhub
Description :
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.

WARNING: the above is all it does; it does not receive mail nor manage queues.
That belongs on a mail hub with a system administrator.

--------------------------------------------------------------------------------
Update Information:

Removes world read access from the configuration file thus prohibiting reading of the password stored inside it.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  4 2013 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-20
- remove world readable permissions of the config file (#962988)
* Sun Oct 14 2012 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-19
- Optional separation of TLS client key and certificate files
- Add patch enabling verification of TLS server ( #864894 )
- Correct %description and the source in order to reflect that sSMTP expands aliases
 which are read from a plain text file
* Sat Jun 30 2012 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-18
- Apply patch to fix addition of garbage at end of attachments
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #962988 - ssmtp.conf is world readble which is a security risk when using a password authentication
        https://bugzilla.redhat.com/show_bug.cgi?id=962988
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ssmtp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list