An out-of-bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file, which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the privileges of the _smtpq group.
Release 6.6.3p1 (2020-02-10)
Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs.
How to install
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
BZ#1806873 CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [fedora-all]
BZ#1809060 CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [fedora-all]
This update has been submitted for testing by dfateyev.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
dfateyev edited this update.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.