Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 761945 (CVE-2020-35679, CVE-2020-35680)

Summary: <mail-mta/opensmtpd-6.8.0_p2: Multiple vulnerabilities (CVE-2020-{35679,35680})
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: zx2c4
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ cve]
Package list:
mail-mta/opensmtpd-6.8.0_p2
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-27 17:55:41 UTC
CVE-2020-35679 (https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043):

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.


Maintainer, can we stabilize the newer version?
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-27 18:00:29 UTC
Oops, another.

CVE-2020-35680:

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-27 23:56:26 UTC
amd64 done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-04 09:32:12 UTC
x86 done

all arches done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-04 09:33:29 UTC
Please cleanup, thanks!
Comment 5 Larry the Git Cow gentoo-dev 2021-05-25 20:44:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01f70f00555a35208c1ed6a8bea4991e5a6ebac7

commit 01f70f00555a35208c1ed6a8bea4991e5a6ebac7
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-25 20:44:24 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-25 20:44:24 +0000

    mail-mta/opensmtpd: security cleanup
    
    Bug: https://bugs.gentoo.org/761945
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-mta/opensmtpd/Manifest                  |  1 -
 mail-mta/opensmtpd/opensmtpd-6.7.1_p1.ebuild | 73 ----------------------------
 2 files changed, 74 deletions(-)
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-25 20:45:44 UTC
New GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 08:32:52 UTC
This issue was resolved and addressed in
 GLSA 202105-12 at https://security.gentoo.org/glsa/202105-12
by GLSA coordinator Thomas Deutschmann (whissi).