Issues fixed in this release (since 5.7.1): =========================================== - an oversight in the portable version of fgetln() that allows attackers to read and write out-of-bounds memory; - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD; - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user; - a hardlink attack (or race-conditioned symlink attack) that allows local users to unset the chflags() of arbitrary files; - a hardlink attack that allows local users to read the first line of arbitrary files (for example, root's hash from /etc/master.passwd); - a denial-of-service vulnerability that allows remote attackers to fill OpenSMTPD's queue or mailbox hard-disk partition; - an out-of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leak information and defeat the ASLR protection; - a use-after-free vulnerability that allows remote attackers to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;
@Jason: Please do not fix security bugs yourself. We further need to stabilize 5.7.2 on amd64 and x86 (and clean up the vulnerable versions after that). If you as the maintainer are okay with stabilizing 5.7.2, please add arches.
I had already done all of those things before closing the bug, actually.
@Jason: Thanks for your quick response
CVE Requested here - http://seclists.org/oss-sec/2015/q4/34
This issue was resolved and addressed in GLSA 201601-04 at https://security.gentoo.org/glsa/201601-04 by GLSA coordinator Sergey Popov (pinkbyte).