Publishing details

• Published on 2020-03-02
• Copied from ubuntu bionic in PPA for Ubuntu Security Proposed by Mike Salvatore

Changelog

opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation, remote code execution
    - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
      allows an attacker to inject arbitrary commands into the envelope file
      which are then executed as root.  Separately, missing privilege
      revocation in smtpctl allows arbitrary commands to be run with the
      _smtpq group.
    -CVE-2020-8793
    -CVE-2020-8794

 -- Mike Salvatore <email address hidden>  Wed, 26 Feb 2020 10:40:28 -0500

Builds

• amd64
• arm64
• armhf
• i386
• ppc64el
• s390x

Built packages

• opensmtpd secure, reliable, lean, and easy-to configure SMTP server

• opensmtpd-dbgsym debug symbols for opensmtpd

Package files

• opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_amd64.ddeb (1023.1 KiB)
• opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_arm64.ddeb (1.0 MiB)
• opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_armhf.ddeb (1002.9 KiB)
• opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_i386.ddeb (922.0 KiB)
• opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_ppc64el.ddeb (1.1 MiB)
• opensmtpd-dbgsym_6.0.3p1-1ubuntu0.2_s390x.ddeb (1.0 MiB)
• opensmtpd_6.0.3p1-1ubuntu0.2.debian.tar.xz (27.9 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2.dsc (2.1 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2_amd64.deb (254.7 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2_arm64.deb (221.3 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2_armhf.deb (227.4 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2_i386.deb (279.1 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2_ppc64el.deb (257.6 KiB)
• opensmtpd_6.0.3p1-1ubuntu0.2_s390x.deb (235.3 KiB)
• opensmtpd_6.0.3p1.orig.tar.gz (683.3 KiB)