OpenSMTPD v6.7.1.p1 Release NotesRelease Date: 2020-05-21 // 3 months ago
- 🛠 fixes a packaging issue causing asr.h to be installed in target system
- 🛠 fixes a possible crash in the MTA when establishing IPv6 connections
Previous changes from v6.6.4.p1
🚀 SECURITY RELEASE
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.