OpenBSD Errata: February 24th, 2020 (smtpd_envelope)



T.J. Townsend
Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6.

An out-of-bounds read in smtpd allows an attacker to inject arbitrary
commands into the envelope file, which are then executed as root.

Separately, missing privilege revocation in smtpctl allows arbitrary
commands to be run with the _smtpq group.

Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:

  https://www.openbsd.org/errata65.html
  https://www.openbsd.org/errata66.html

After patching, restart the smtpd service.