1. Forum
  2. Usenet
  3. COMP.UNIX.BSD.OPENBSD.ANN

  • OpenBSD Errata: January 30th, 2020 (smtpd_exec)

    From T.J. Townsend@21:1/5 to All on Wed Jan 29 13:50:02 2020
    Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6.

    An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.

    Binary updates for the amd64, i386, and arm64 platforms are available via
    the syspatch utility. Source code patches can be found on the respective
    errata page:

    https://www.openbsd.org/errata65.html
    https://www.openbsd.org/errata66.html

    After patching, restart the smtpd service.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)