[SECURITY] Fedora 17 Update: ssmtp-2.61-20.fc17
updates at fedoraproject.org
updates at fedoraproject.org
Thu Jul 4 01:02:08 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-10128
2013-06-06 00:49:09
--------------------------------------------------------------------------------
Name : ssmtp
Product : Fedora 17
Version : 2.61
Release : 20.fc17
URL : http://packages.debian.org/stable/mail/ssmtp
Summary : Extremely simple MTA to get mail off the system to a Mailhub
Description :
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.
WARNING: the above is all it does; it does not receive mail nor manage queues.
That belongs on a mail hub with a system administrator.
--------------------------------------------------------------------------------
Update Information:
Removes world read access from the configuration file thus prohibiting reading of the password stored inside it.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 4 2013 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-20
- remove world readable permissions of the config file (#962988)
* Sun Oct 14 2012 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-19
- Optional separation of TLS client key and certificate files
- Add patch enabling verification of TLS server ( #864894 )
- Correct %description and the source in order to reflect that sSMTP expands aliases
which are read from a plain text file
* Sat Jun 30 2012 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.61-18
- Apply patch to fix addition of garbage at end of attachments
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #962988 - ssmtp.conf is world readble which is a security risk when using a password authentication
https://bugzilla.redhat.com/show_bug.cgi?id=962988
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ssmtp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list