GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Jul 29, 2020 5:26 am Post subject: [ GLSA 202007-55 ] libetpan
Gentoo Linux Security Advisory
Title: libetpan: Improper STARTTLS handling (GLSA 202007-55)
Severity: normal
Exploitable: remote
Date: 2020-07-28
Bug(s): #734130
ID: 202007-55
Synopsis
A vulnerability was discovered in libetpan's STARTTLS handling,
possibly allowing an integrity/confidentiality compromise.
Background
libetpan is a portable, efficient middleware for different kinds of mail
access.
Affected Packages
Package: net-libs/libetpan
Vulnerable: < 1.9.4-r1
Unaffected: >= 1.9.4-r1
Architectures: All supported architectures
Description
It was discovered that libetpan was not properly handling state within
the STARTTLS protocol handshake.
Impact
There may be a breach of integrity or confidentiality in connections
made using libetpan with STARTTLS.
Workaround
There is no known workaround at this time.
Resolution
All libetpan users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libetpan-1.9.4-r1"
References
CVE-2020-15953