Contributed by pitrh on from the love letters in the sand dept.
The vulnerability known as CVE-2014-3956 could allow local users to interfere with open SMTP connections, and it is strongly advised that any sendmail users out there patch their systems without undue delay.
Patches are available for OpenBSD 5.4 and OpenBSD 5.5 as patch 011 and patch 007 respectively.
It is worth noting that from OpenBSD 5.6 onwards (to be released November 1st, 2014), OpenSD's own OpenSMTPD will be the default MTA.
(Comments are closed)
By rjc (rjc) rafal.czlonka@gmail.com on
Comments
By Anonymous Coward (65.255.177.102) on
and why on earth is this old story above the fold about the OpenSSL Stuff. reallly, this site has gotten disconnected from reality.
Comments
By Sebastian Rother (91.65.156.131) on
>
> and why on earth is this old story above the fold about the OpenSSL Stuff. reallly, this site has gotten disconnected from reality.
Because the sendmail patches got added to the errata but the OpenSSL patches are not yet linked....?! Just a logical assumption...
By Chris (50.71.129.10) on
>
> and why on earth is this old story above the fold about the OpenSSL Stuff. reallly, this site has gotten disconnected from reality.
There's a fold?
By Janne Johansson (jj) on http://www.inet6.se
>
> and why on earth is this old story above the fold about the OpenSSL Stuff. reallly, this site has gotten disconnected from reality.
Sorry if you are disappointed, you will get all your money back.