Date: Sun, 18 Nov 2001 02:08:54 +0100 (CET) From: Matthias Andree <matthias.andree@web.de> To: FreeBSD-gnats-submit@freebsd.org Cc: dwcjr@freebsd.org Subject: ports/32068: Vulnerable to memory exhaustion attack/Update available Message-ID: <20011118010854.8DB912D308@freebsd.emma.line.org>
next in thread | raw e-mail | index | archive | help
>Number: 32068 >Category: ports >Synopsis: Vulnerable to memory exhaustion attack/Update available >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Nov 17 17:10:00 PST 2001 >Closed-Date: >Last-Modified: >Originator: Matthias Andree >Release: FreeBSD 4.4-STABLE i386 >Organization: >Environment: System: FreeBSD freebsd.emma.line.org 4.4-STABLE FreeBSD 4.4-STABLE #1: Sat Nov 17 17:23:57 CET 2001 root@freebsd.emma.line.org:/usr/obj/usr/src/sys/M2A2 i386 >Description: Postfix-Snapshot is - as announced by Wietse Venema - vulnerable to the same memory exhaustion attack that was reported and fixed for the stable version in 20010228-pl08. An updated version, snapshot-20011116, is available. However, the TLS stuff by Lutz Jänicke is for 20011115, so I'm not adding a patch now because I'm unsure what's more important for the maintainer: TLS ready or memory exhaustion attack bug fixed. >How-To-Repeat: >Fix: update to snapshot-20011116. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011118010854.8DB912D308>