• OpenSMTPD vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, February 05, 2020 12:10:10
    OpenSMTPD vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS

    Summary

    OpenSMTPD could be made to run programs as root if it received
    specially crafted input over the network.

    Software Description

    * opensmtpd - secure, reliable, lean, and easy-to configure SMTP
    server

    Details

    It was discovered that OpenSMTPD incorrectly verified the sender's
    or receiver's e-mail addresses under certain conditions. An
    attacker could use this vulnerability to execute arbitrary
    commands as root.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    opensmtpd - 6.0.3p1-6ubuntu0.1

    Ubuntu 18.04 LTS
    opensmtpd - 6.0.3p1-1ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-7247

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)