Fedora 32 Moderate: OpensmtpD Memory Leak Advisory 2021-71fbdecdf8

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined

by RFC 5321, with some additional standard extensions. It allows ordinary

machines to exchange e-mails with other systems speaking the SMTP protocol.

Started out of dissatisfaction with other implementations, OpenSMTPD nowadays

is a fairly complete SMTP implementation. OpenSMTPD is primarily developed

by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from

various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project.

The software is freely usable and re-usable by everyone under an ISC license.

This package uses standard "alternatives" mechanism, you may call

"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd"

if you want to switch to OpenSMTPD MTA immediately after install, and

"/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to revert

back to Sendmail as a default mail daemon.

**opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for

OpenSSL, sponsored by anonymous community member Bug fixes: - Fixed a

resolver memory leak as well as a regex table memory leak - Fixed a bug in the

filters state machine leading to a possible crash of the daemon - Fixed the

logging format which output truncated process names on some systems - Fixed

build on macOS - Various man page improvements

* Wed Jan 20 2021 Denis Fateyev - 6.8.0p2-1

- Update to 6.8.0p2 release

* Thu Sep 17 2020 Denis Fateyev - 6.7.1p1-3

- Rebuild for libevent soname change

* Tue Jul 28 2020 Fedora Release Engineering - 6.7.1p1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[ 1 ] Bug #1910343 - opensmtpd-6.8.0p2 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1910343

[ 2 ] Bug #1911290 - CVE-2020-35679 opensmtpd: memory leak via messages to an instance that performs many regex lookups due to a missing regfree call [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1911290

[ 3 ] Bug #1911294 - CVE-2020-35680 opensmtpd: NULL pointer dereference via a crafted pattern of client activity [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1911294

su -c 'dnf upgrade --advisory FEDORA-2021-71fbdecdf8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/