Publishing details


opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation, remote code execution
    - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
      allows an attacker to inject arbitrary commands into the envelope file
      which are then executed as root.  Separately, missing privilege
      revocation in smtpctl allows arbitrary commands to be run with the
      _smtpq group.

 -- Mike Salvatore <email address hidden>  Wed, 26 Feb 2020 10:40:28 -0500

Available diffs


Built packages

Package files