You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa OpenSMTPD

Sigurnosni nedostatak programskog paketa OpenSMTPD

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4268-1
February 05, 2020

OpenSMTPD vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS

Summary:

OpenSMTPD could be made to run programs as root if it received specially
crafted input over the network.

Software Description:
– opensmtpd: secure, reliable, lean, and easy-to configure SMTP server

Details:

It was discovered that OpenSMTPD incorrectly verified the sender’s or
receiver’s e-mail addresses under certain conditions. An attacker could use
this vulnerability to execute arbitrary commands as root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
opensmtpd 6.0.3p1-6ubuntu0.1

Ubuntu 18.04 LTS:
opensmtpd 6.0.3p1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4268-1
CVE-2020-7247

Package Information:
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-6ubuntu0.1
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl460H4ACgkQdyg1Qz0o
XX1j+g/8DyYl6XpFCZUWq9fH39zDeZJeL4jh3fdnLgMycvN14fCtlRJureqULB7O
WsEBhF2tWspTKkEgzMPNvhR6uxMkh4M4O7+NufBOhgj1KubSzn/f8CGFbny8Bx55
+m9Xbi07rM2SpHN/Fu9Fxdn2Dax1870ReFJRN+mWEoM/Zw/Pv2vWdpVw/W6W4gka
mf1hUrtHoZAUMvNeAx0DxwRYURXDvWuzB/YDN4EmufG/Wu20iregmlWHXQ3cRkLT
gNZ7YBnPc0CYdo24qr3xtVKDtltom3Z2M7pe2KQGTIq7lr8vNmxFA0DzRIXO4hQV
hhjJfvmxfVMIykNone/auriroF8fA36AeaPyuhmE1awJ8oOI0eLuZXbgvStjK+3a
tkB6sswxlAo6aVlvb+tVfbov3qdODroOYKAvqH7kmd7Ci/xeX+jyM3G/nYDP5JOS
MU0Fs5pfdAeDFIZyTZqb+cyJz296AfKxpaZA5y0Mql+yF8oiYZiOymKaUrOpwCAb
a5uGev3BijhCqaAC8isN8qMFR9IpJV5sB3o2ZkyRuu6HMmlGeH2qny10pbxjVI0p
WVgAdDEMvXCO7deUCIMYuJwYEnGEis3fcoQf0dV9T0F/ycOU5rP3WdxQ7Utm/ySK
hRX9u/tWSniUI0buAkDJKZjwu7Y1DBxMpj9B1Q0fjuXVACi6wSg=
=KYgr
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2020-02-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa sudo

Otkriven je sigurnosni nedostatak u programskom paketu sudo za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close