Release 6.6.4p1 (2020-02-24)

  • An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

Release 6.6.3p1 (2020-02-10)

  • Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs.

This update has been submitted for testing by dfateyev.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#1765905 libasr-1.0.4 is available
0
0
BZ#1797597 CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all]
0
0
BZ#1801477 opensmtpd-6.6.4p1 is available
0
0
BZ#1806874 CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [epel-all]
0
0
BZ#1809061 CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [epel-all]
0
0

Automated Test Results