CVSROOT: /cvs Module name: src Changes by: [email protected] 2020/02/24 09:19:32
Modified files:
usr.sbin/smtpd : Tag: OPENBSD_6_6 makemap.c mta_session.c
smtpctl.c smtpd-defines.h smtpd.c smtpd.h
Log message:
OpenBSD 6.6 errata 021, February 24, 2020:
An out of bounds read in smtpd allows an attacker to inject arbitrary
commands into the envelope file which are then executed as root.
Separately, missing privilege revocation in smtpctl allows arbitrary
commands to be run with the _smtpq group.
