opensmtpd 6.0.3p1-6ubuntu0.2 source package in Ubuntu

Changelog

opensmtpd (6.0.3p1-6ubuntu0.2) eoan-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation, remote code execution
    - debian/patches/CVE-2020-8793_8794.patch: An out of bounds read in smtpd
      allows an attacker to inject arbitrary commands into the envelope file
      which are then executed as root.  Separately, missing privilege
      revocation in smtpctl allows arbitrary commands to be run with the
      _smtpq group.
    -CVE-2020-8793
    -CVE-2020-8794

 -- Mike Salvatore <email address hidden>  Wed, 26 Feb 2020 10:32:06 -0500

Upload details

Uploaded by:
Mike Salvatore on 2020-02-27
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
mail
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Eoan updates on 2020-03-02 universe misc
Eoan security on 2020-03-02 universe misc

Downloads

File Size SHA-256 Checksum
opensmtpd_6.0.3p1.orig.tar.gz 683.3 KiB 291881862888655565e8bbe3cfb743310f5dc0edb6fd28a889a9a547ad767a81
opensmtpd_6.0.3p1-6ubuntu0.2.debian.tar.xz 31.2 KiB 52996ff5b1be2006d211bd2f723184e058bddd3b3ae2582b5e5d0288659bdb82
opensmtpd_6.0.3p1-6ubuntu0.2.dsc 2.1 KiB f2803dfc113034eaa0f4163a98e10f658679f5c916f9774362ced7f18200149a

View changes file

Binary packages built by this source

opensmtpd: secure, reliable, lean, and easy-to configure SMTP server

 The OpenSMTPD server seeks to be
  * as secure as possible, and uses privilege separation to mitigate
    possible security bugs
  * as reliable as possible: any accepted email must not be lost
  * lean: it covers typical usage cases instead of every obscure one
  * easy to configure, with a configuration syntax reminiscent of the OpenBSD
    Packet Filter's (PF)
  * fast and efficient: it can handle large queues with reasonable performance

opensmtpd-dbgsym: debug symbols for opensmtpd