[ubuntu/eoan-updates] opensmtpd 6.0.3p1-6ubuntu0.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Mar 2 16:28:11 UTC 2020


opensmtpd (6.0.3p1-6ubuntu0.2) eoan-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation, remote code execution
    - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
      allows an attacker to inject arbitrary commands into the envelope file
      which are then executed as root.  Separately, missing privilege
      revocation in smtpctl allows arbitrary commands to be run with the
      _smtpq group.
    -CVE-2020-8793
    -CVE-2020-8794

Date: 2020-02-27 18:42:15.373049+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-6ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Eoan-changes mailing list