Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.
==========================================================================
Ubuntu Security Notice USN-4294-1
March 02, 2020
OpenSMTPD vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in opensmtpd.
Software Description:
- opensmtpd: secure, reliable, lean, and easy-to-configure SMTP server
Details:
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could use this vulnerability to execute arbitrary
shell commands as any non-root user. (CVE-2020-8794)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could read the first
line of any file on the filesystem. (CVE-2020-8793)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
opensmtpd 6.0.3p1-6ubuntu0.2
Ubuntu 18.04 LTS:
opensmtpd 6.0.3p1-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4294-1
CVE-2020-8793, CVE-2020-8794
Package Information:
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-6ubuntu0.2
https://launchpad.net/ubuntu/+source/opensmtpd/6.0.3p1-1ubuntu0.2