SUSE has issued an advisory on August 25: https://lists.suse.com/pipermail/sle-security-updates/2021-August/009358.html Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
'libesmtp' has no registered nor evident maintainer, so having to assign this globally.
Assignee: bugsquad => pkg-bugs
openSUSE has issued an advisory for this today (September 3): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TGZ4L5IPYNOJTWC7WZTAMPSFHIGKXQAE/
Status comment: (none) => Patch available from openSUSE
Suggested advisory:
========================

The updated packages fix a security vulnerability:

libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. (CVE-2019-19977)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19977
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009358.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TGZ4L5IPYNOJTWC7WZTAMPSFHIGKXQAE/
========================

Updated packages in core/updates_testing:
========================
lib(64)esmtp6-1.0.6-12.1.mga8
lib(64)esmtp-devel-1.0.6-12.1.mga8

from SRPM:
libesmtp-1.0.6-12.1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
CVE: (none) => CVE-2019-19977
Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Status comment: Patch available from openSUSE => (none)
Version: Cauldron => 8
MGA8-64 Plasma on Lenovo B50
No installation issues.
No previous updates or wiki entry, so

# urpmq --whatrequires lib64esmtp6
lib64esmtp-devel
lib64esmtp-devel
lib64esmtp6
pacemaker
syslog-ng-smtp
[root@mach5 ~]# urpmq --whatrequires-recursive lib64esmtp6
crmsh
crmsh-test
drbd-utils-pacemaker
lib64esmtp-devel
lib64esmtp-devel
lib64esmtp6
lib64pacemaker-devel
pacemaker
syslog-ng-smtp

Pacemaker has to do with clusters of computers and crmsh is just a CLI to pacemaker, and syslog-ng-smtp has to do with sending log messages from an smtp server.
All out of my league........
CC: (none) => herman.viaene
Same here, Herman. I'm going to pass it on based on your clean install. Validating. Advisory in Comment 3.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0503.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED