Описание
Security update for postsrsd
This update for postsrsd fixes the following issues:
Update to release 1.11 [boo#1180251]
- Drop group privileges as well as user privileges
- Fixed: The subprocess that talks to Postfix could be caused to hang with a very long email address. [CVE-2020-35573]
Update to release 1.6
- Fix endianness issue with SHA-1 implementation
- Add dual stack support
- Make SRS separator configurable
Список пакетов
openSUSE Leap 15.2
postsrsd-1.11-lp152.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0646-1
- SUSE Security Ratings
- SUSE Bug 1180251
- SUSE CVE CVE-2020-35573 page
Описание
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
Затронутые продукты
openSUSE Leap 15.2:postsrsd-1.11-lp152.4.3.1
Ссылки
- CVE-2020-35573
- SUSE Bug 1180251