openSUSE-SU-2021:1642-1

Опубликовано: 30 дек. 2021

Источник: suse-cvrf

Описание

Security update for postrsd

postrsd was updated to release 1.11 [boo#1180251]:

Drop group privileges as well as user privileges
Fixed: The subprocess that talks to Postfix could be caused to hang with a very long email address. [CVE-2020-35573]

Update to release 1.6
- Fix endianness issue with SHA-1 implementation
- Add dual stack support
- Make SRS separator configurable

postsrsd-1.11-bp153.2.3.1

postsrsd-1.11-bp153.2.3.1

srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.

SUSE Package Hub 15 SP3:postsrsd-1.11-bp153.2.3.1

openSUSE Leap 15.3:postsrsd-1.11-bp153.2.3.1