Fedora Linux 8791 Published by

An opensmtpd security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: opensmtpd-6.8.0p2-1.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-848fd34b0b
2021-01-30 01:53:46.555441
--------------------------------------------------------------------------------

Name : opensmtpd
Product : Fedora 33
Version : 6.8.0p2
Release : 1.fc33
URL :   http://www.opensmtpd.org/
Summary : Free implementation of the server-side SMTP protocol as defined by RFC 5321
Description :
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined
by RFC 5321, with some additional standard extensions. It allows ordinary
machines to exchange e-mails with other systems speaking the SMTP protocol.
Started out of dissatisfaction with other implementations, OpenSMTPD nowadays
is a fairly complete SMTP implementation. OpenSMTPD is primarily developed
by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from
various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project.
The software is freely usable and re-usable by everyone under an ISC license.

This package uses standard "alternatives" mechanism, you may call
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd"
if you want to switch to OpenSMTPD MTA immediately after install, and
"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to revert
back to Sendmail as a default mail daemon.

--------------------------------------------------------------------------------
Update Information:

**opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for
OpenSSL, sponsored by anonymous community member Bug fixes: - Fixed a
resolver memory leak as well as a regex table memory leak - Fixed a bug in the
filters state machine leading to a possible crash of the daemon - Fixed the
logging format which output truncated process names on some systems - Fixed
build on macOS - Various man page improvements
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 20 2021 Denis Fateyev - 6.8.0p2-1
- Update to 6.8.0p2 release
* Thu Sep 17 2020 Denis Fateyev - 6.7.1p1-3
- Rebuild for libevent soname change
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1910343 - opensmtpd-6.8.0p2 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=1910343
[ 2 ] Bug #1911290 - CVE-2020-35679 opensmtpd: memory leak via messages to an instance that performs many regex lookups due to a missing regfree call [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1911290
[ 3 ] Bug #1911294 - CVE-2020-35680 opensmtpd: NULL pointer dereference via a crafted pattern of client activity [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1911294
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-848fd34b0b' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys