FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSMTPD -- multiple vulnerabilities

Affected packages
opensmtpd < 5.7.3,1

Details

VuXML ID 42852f72-6bd3-11e5-9909-002590263bf5
Discovery 2015-10-04
Entry 2015-10-06

OpenSMTPD developers report:

fix an mda buffer truncation bug which allows a user to create forward files that pass session checks but fail delivery later down the chain, within the user mda

fix remote buffer overflow in unprivileged pony process

reworked offline enqueue to better protect against hardlink attacks

References

URL http://www.openwall.com/lists/oss-security/2015/10/04/2
URL https://www.opensmtpd.org/announces/release-5.7.3.txt