opensmtpd 6.0.3p1-1ubuntu0.2 source package in Ubuntu
Changelog
opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation, remote code execution
- debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
allows an attacker to inject arbitrary commands into the envelope file
which are then executed as root. Separately, missing privilege
revocation in smtpctl allows arbitrary commands to be run with the
_smtpq group.
-CVE-2020-8793
-CVE-2020-8794
-- Mike Salvatore <email address hidden> Wed, 26 Feb 2020 10:40:28 -0500
Upload details
- Uploaded by:
- Mike Salvatore
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Bionic | updates | universe | misc | |
| Bionic | security | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| opensmtpd_6.0.3p1.orig.tar.gz | 683.3 KiB | 291881862888655565e8bbe3cfb743310f5dc0edb6fd28a889a9a547ad767a81 |
| opensmtpd_6.0.3p1-1ubuntu0.2.debian.tar.xz | 27.9 KiB | 830332dd84c8512f797164bb9437eb537fc2d1cbf9a6661b8bc19d5e7562805d |
| opensmtpd_6.0.3p1-1ubuntu0.2.dsc | 2.1 KiB | 130713a180997329b4cf61ea8a8e0980872e12e3a1f81c2eb6d9a8bcc2368197 |
Available diffs
Binary packages built by this source
- opensmtpd: secure, reliable, lean, and easy-to configure SMTP server
The OpenSMTPD server seeks to be
* as secure as possible, and uses privilege separation to mitigate
possible security bugs
* as reliable as possible: any accepted email must not be lost
* lean: it covers typical usage cases instead of every obscure one
* easy to configure, with a configuration syntax reminiscent of the OpenBSD
Packet Filter's (PF)
* fast and efficient: it can handle large queues with reasonable performance
- opensmtpd-dbgsym: debug symbols for opensmtpd
