[ubuntu/bionic-updates] opensmtpd 6.0.3p1-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Mar 2 16:28:10 UTC 2020
opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation, remote code execution
- debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
allows an attacker to inject arbitrary commands into the envelope file
which are then executed as root. Separately, missing privilege
revocation in smtpctl allows arbitrary commands to be run with the
_smtpq group.
-CVE-2020-8793
-CVE-2020-8794
Date: 2020-02-27 18:42:23.961454+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list