openSUSE-SU-2020:1454-1

Опубликовано: 19 сент. 2020

Источник: suse-cvrf

Описание

Security update for libetpan

This update for libetpan fixes the following issues:

Update to 1.9.4 (boo#1174579, CVE-2020-15953):

Bugfixes on QUOTA
Varios warning fixes & build fixes

Update to version 1.9.3

Added IMAP CLIENTID / SMTP CLIENTID support
Use Cyrus SASL 2.1.27

Update to version 1.9.2

Support of TLS SNI
LMDB for cache DB
Fixed build with recent versions of curl

Список пакетов

openSUSE Leap 15.2

libetpan-devel-1.9.4-lp152.3.3.1

libetpan20-1.9.4-lp152.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2C43BTUZHFPWURMDLREL4PZZRBRGC5U/
E-Mail link for openSUSE-SU-2020:1454-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1174579
SUSE Bug 1174579
https://www.suse.com/security/cve/CVE-2020-15953/
SUSE CVE CVE-2020-15953 page

Описание

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

Затронутые продукты

openSUSE Leap 15.2:libetpan-devel-1.9.4-lp152.3.3.1

openSUSE Leap 15.2:libetpan20-1.9.4-lp152.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15953.html
CVE-2020-15953
https://bugzilla.suse.com/1174579
SUSE Bug 1174579

openSUSE-SU-2020:1454-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-15953

Описание

Затронутые продукты

Ссылки