opensmtpd 6.0.3p1-1ubuntu0.2 source package in Ubuntu


opensmtpd (6.0.3p1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation, remote code execution
    - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
      allows an attacker to inject arbitrary commands into the envelope file
      which are then executed as root.  Separately, missing privilege
      revocation in smtpctl allows arbitrary commands to be run with the
      _smtpq group.

 -- Mike Salvatore <email address hidden>  Wed, 26 Feb 2020 10:40:28 -0500

Upload details

Uploaded by:
Mike Salvatore on 2020-02-27
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2020-03-02 universe misc
Bionic security on 2020-03-02 universe misc


File Size SHA-256 Checksum
opensmtpd_6.0.3p1.orig.tar.gz 683.3 KiB 291881862888655565e8bbe3cfb743310f5dc0edb6fd28a889a9a547ad767a81
opensmtpd_6.0.3p1-1ubuntu0.2.debian.tar.xz 27.9 KiB 830332dd84c8512f797164bb9437eb537fc2d1cbf9a6661b8bc19d5e7562805d
opensmtpd_6.0.3p1-1ubuntu0.2.dsc 2.1 KiB 130713a180997329b4cf61ea8a8e0980872e12e3a1f81c2eb6d9a8bcc2368197

View changes file

Binary packages built by this source

opensmtpd: secure, reliable, lean, and easy-to configure SMTP server

 The OpenSMTPD server seeks to be
  * as secure as possible, and uses privilege separation to mitigate
    possible security bugs
  * as reliable as possible: any accepted email must not be lost
  * lean: it covers typical usage cases instead of every obscure one
  * easy to configure, with a configuration syntax reminiscent of the OpenBSD
    Packet Filter's (PF)
  * fast and efficient: it can handle large queues with reasonable performance

opensmtpd-dbgsym: debug symbols for opensmtpd