mail/opensmtpd: update to 6.6.2p1 release

Description

mail/opensmtpd: update to 6.6.2p1 release

This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)
https://www.openwall.com/lists/oss-security/2020/01/28/3

This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
smtpd to new grammar") and allows an attacker to execute arbitrary shell
commands, as root:

  • either locally, in OpenSMTPD's default configuration (which listens on the loopback interface and only accepts mail from localhost);
  • or locally and remotely, in OpenSMTPD's "uncommented" default configuration (which listens on all interfaces and accepts external mail).

PR: 243686
Reported by: authors via irc
MFH: 2020Q1
Relnotes: https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

Details

Provenance
Authored by fluffy
Parents
rP524528: japanese/ebnetd: Fix build on real environment