msmtp: X.509 NULL spoofing vulnerability

Background

msmtp is an SMTP client and SMTP plugin for mail user agents such as Mutt.

Description

A vulnerability have been discovered in msmtp. Please review the CVE identifier referenced below for details.

Impact

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using msmtp.

Workaround

There is no known workaround at this time.

Resolution

All msmtp users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/msmtp-1.4.19"