FEDORA-2020-31216ab928 created by dfateyev 2 years ago for Fedora 30
stable

Release 6.6.4p1 (2020-02-24)

  • An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

Release 6.6.3p1 (2020-02-10)

  • Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2020-31216ab928

This update has been submitted for testing by dfateyev.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

fweimer edited this update.

2 years ago
User Icon sdgathman commented & provided feedback 2 years ago
karma

CVE-2020-8794 for this important security patch

Seems to still work in peer2peer mode (raw IPv6 addresses instead of domains). I didn't run the exploit, as I only send to trusted peers. But if I get to it, I'll add another comment.

BZ#1801477 opensmtpd-6.6.4p1 is available

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1801477 opensmtpd-6.6.4p1 is available
0
1

Automated Test Results