[SECURITY] Fedora Extras Update: ssmtp-2.61-11fc[5,6,devel]

Manuel Wolfshant wolfy at nobugconsulting.ro
Sat Dec 9 18:52:50 UTC 2006

Product:    Fedora Extras [5 6 devel]
Name:       ssmtp
Version:    2.61-11[FE 5 6 devel]
Summary:    Extremely simple MTA to get mail off the system to a Mailhub
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.
Update Information:

Ben XO discovered that during the AUTH LOGIN phase, ssmtp <= 2.61-10 leaks (in BASE64 encoded form) the password used.
Details are available at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369542

Fedora Extras versions earlier then the version mentioned above are
vulnerable to this problem, upgrade to fix this vulnerability.

This update can be installed with the 'yum' update program.  Use 'yum
update package-name' at the command line.  For more information, refer
to 'Managing Software with yum,' available at

More information about the package-announce mailing list