Publishing details
Changelog
opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation, remote code execution
- debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
allows an attacker to inject arbitrary commands into the envelope file
which are then executed as root. Separately, missing privilege
revocation in smtpctl allows arbitrary commands to be run with the
_smtpq group.
-CVE-2020-8793
-CVE-2020-8794
-- Mike Salvatore <email address hidden> Wed, 26 Feb 2020 10:40:28 -0500
Builds
Built packages
-
opensmtpd
secure, reliable, lean, and easy-to configure SMTP server
-
opensmtpd-dbgsym
debug symbols for opensmtpd
Package files