[ubuntu/eoan-security] opensmtpd 6.0.3p1-6ubuntu0.2 (Accepted)

Mike Salvatore mike.salvatore at canonical.com
Mon Mar 2 16:10:29 UTC 2020

opensmtpd (6.0.3p1-6ubuntu0.2) eoan-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation, remote code execution
    - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
      allows an attacker to inject arbitrary commands into the envelope file
      which are then executed as root.  Separately, missing privilege
      revocation in smtpctl allows arbitrary commands to be run with the
      _smtpq group.

Date: 2020-02-27 18:42:15.373049+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>