==========================================================================
Ubuntu Security Notice USN-4268-1
February 05, 2020
OpenSMTPD vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
– Ubuntu 18.04 LTS
Summary:
OpenSMTPD could be made to run programs as root if it received specially
crafted input over the network.
Software Description:
– opensmtpd: secure, reliable, lean, and easy-to configure SMTP server
Details:
It was discovered that OpenSMTPD incorrectly verified the sender’s or
receiver’s e-mail addresses under certain conditions. An attacker could use
this vulnerability to execute arbitrary commands as root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
opensmtpd 6.0.3p1-6ubuntu0.1
Ubuntu 18.04 LTS:
opensmtpd 6.0.3p1-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4268-1
CVE-2020-7247
Package Information:
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-6ubuntu0.1
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-1ubuntu0.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl460H4ACgkQdyg1Qz0o
XX1j+g/8DyYl6XpFCZUWq9fH39zDeZJeL4jh3fdnLgMycvN14fCtlRJureqULB7O
WsEBhF2tWspTKkEgzMPNvhR6uxMkh4M4O7+NufBOhgj1KubSzn/f8CGFbny8Bx55
+m9Xbi07rM2SpHN/Fu9Fxdn2Dax1870ReFJRN+mWEoM/Zw/Pv2vWdpVw/W6W4gka
mf1hUrtHoZAUMvNeAx0DxwRYURXDvWuzB/YDN4EmufG/Wu20iregmlWHXQ3cRkLT
gNZ7YBnPc0CYdo24qr3xtVKDtltom3Z2M7pe2KQGTIq7lr8vNmxFA0DzRIXO4hQV
hhjJfvmxfVMIykNone/auriroF8fA36AeaPyuhmE1awJ8oOI0eLuZXbgvStjK+3a
tkB6sswxlAo6aVlvb+tVfbov3qdODroOYKAvqH7kmd7Ci/xeX+jyM3G/nYDP5JOS
MU0Fs5pfdAeDFIZyTZqb+cyJz296AfKxpaZA5y0Mql+yF8oiYZiOymKaUrOpwCAb
a5uGev3BijhCqaAC8isN8qMFR9IpJV5sB3o2ZkyRuu6HMmlGeH2qny10pbxjVI0p
WVgAdDEMvXCO7deUCIMYuJwYEnGEis3fcoQf0dV9T0F/ycOU5rP3WdxQ7Utm/ySK
hRX9u/tWSniUI0buAkDJKZjwu7Y1DBxMpj9B1Q0fjuXVACi6wSg=
=KYgr
—–END PGP SIGNATURE—–
—