[security] Security Advisories
Lorenzo Iannuzzi
nakis a libero.it
Sab 8 Maggio 2004 20:32:30 CEST
http://www.openpkg.org/security.html
Two format string bugs were discovered in sSMTP, a simple
sending-only Mail Transport Agent (MTA). Untrusted values in the
functions die() and log_event() were passed to printf(3)-like
functions as format strings. These vulnerabilities could potentially
allow remote mail relays to cause a Denial of Service (DoS) and
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures (CVE) project assigned the id CAN-2004-0156 to the
problem.
https://bugzilla.fedora.us/show_bug.cgi?id=1395
Updated OpenSSL packages that fix remote denial of service vulnerabilities
are now available.
--
Ciao e alla prossima!
Lorenzo
Maggiori informazioni sulla lista
security