Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

openSUSE Backports SLE-15-SP5: 2024:0243-1 Critical: MiTM and SMTP Issues

opensuse
Calendar Grey August 16, 2024
Dist Opensuse Esm H88
An important release for python-aiosmtpd addresses two serious security flaws, specifically Man-in-the-Middle (MiTM) threats and SMTP smuggling exploits.
An update that fixes two vulnerabilities is now available

Description

This update for python-aiosmtpd fixes the following issues:

- CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted

commands after STARTTLS (boo#1224467)

- CVE-2024-27305: Fixed SMTP smuggling (boo#1221328)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-243=1

Package List

- openSUSE Backports SLE-15-SP5 (noarch):

python3-aiosmtpd-1.2.1-bp155.3.3.1

References

https://www.suse.com/security/cve/CVE-2024-27305.html

https://www.suse.com/security/cve/CVE-2024-34083.html

https://bugzilla.suse.com/1221328

https://bugzilla.suse.com/1224467

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2024:0243-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP5 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here