ASA-202002-13: opensmtpd: arbitrary command execution

Arch Linux 754 Published 2020-03-06 06:03 by Philipp Esselbach

News

An opensmtpd security update has been released for Arch Linux.

Arch Linux Security Advisory ASA-202002-13
==========================================

Severity: Critical
Date : 2020-02-29
CVE-ID : CVE-2020-8794
Package : opensmtpd
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1105

Summary
=======

The package opensmtpd before version 6.6.4p1-1 is vulnerable to
arbitrary command execution.

Resolution
==========

Upgrade to 6.6.4p1-1.

# pacman -Syu "opensmtpd>=6.6.4p1-1"

The problem has been fixed upstream in version 6.6.4p1.

Workaround
==========

None.

Description
===========

An out-of-bounds read vulnerability has been found in the client-side
code of OpenSMTPD

RHSA-2020:0731-01: Important: virt:8.1 and virt-devel:8.1 security and enhancement update

DLA 2135-1: jackson-databind security update

Windows

Software 42321
Winpilot 2024.5.4 released
2024-04-30 15:49 by Philipp Esselbach
Software 42321
WSL2 Distro Manager 1.8.13 released
2024-04-29 07:43 by Philipp Esselbach
Software 42321
Simplewall 3.8.1 released
2024-04-28 07:24 by Philipp Esselbach

Linux

Software 42321
FEX Release FEX-2405 released
2024-05-02 22:11 by Philipp Esselbach
Software 42321
pgAdmin 4 8.6 released
2024-05-02 22:09 by Philipp Esselbach
Software 42321
Proton 9.0-1 released
2024-05-02 22:02 by Philipp Esselbach

macOS

Apple 10164
iOS 17.5 and iPadOS 17.5 Beta 4 released
2024-05-01 07:10 by Philipp Esselbach
Apple 10164
macOS Sonoma 14.5 Beta 4 released
2024-05-01 07:10 by Philipp Esselbach
Apple 10164
tvOS 17.5 Beta 4 released
2024-05-01 07:10 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...