ASA-202002-13: opensmtpd: arbitrary command execution

Arch Linux 804 Published 2020-03-06 06:03 by Philipp Esselbach

News

An opensmtpd security update has been released for Arch Linux.

Arch Linux Security Advisory ASA-202002-13
==========================================

Severity: Critical
Date : 2020-02-29
CVE-ID : CVE-2020-8794
Package : opensmtpd
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1105

Summary
=======

The package opensmtpd before version 6.6.4p1-1 is vulnerable to
arbitrary command execution.

Resolution
==========

Upgrade to 6.6.4p1-1.

# pacman -Syu "opensmtpd>=6.6.4p1-1"

The problem has been fixed upstream in version 6.6.4p1.

Workaround
==========

None.

Description
===========

An out-of-bounds read vulnerability has been found in the client-side
code of OpenSMTPD

RHSA-2020:0726-01: Important: sudo security update

DLA 2134-1: pdfresurrect security update

Windows

Windows 10 967
Windows 10 KB5046714 (OS Build 19045.5198) Preview released
2024-11-22 06:55 by Philipp Esselbach
Windows 11 501
Windows 11 Insider Preview Build 27754 (Canary Channel) released
2024-11-21 07:17 by Philipp Esselbach
Windows 11 501
Windows 11 LTSC KB5046696 (OS Build 26100.2240) released
2024-11-20 08:12 by Philipp Esselbach

Linux

Linux 2962
Linux Kernel 6.11.10 released
2024-11-22 16:44 by Philipp Esselbach
Linux 2962
Linux Kernel 6.6.63 released
2024-11-22 16:44 by Philipp Esselbach
Linux 2962
Linux Kernel 6.1.119 released
2024-11-22 16:44 by Philipp Esselbach

macOS

Apple 10249
macOS Sequoia 15.1.1 released
2024-11-20 07:40 by Philipp Esselbach
Apple 10249
visionOS 2.1.1 released
2024-11-20 07:40 by Philipp Esselbach
Apple 10249
iOS 18.1.1 and iPadOS 18.1.1 released
2024-11-20 07:40 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...