>From the OpenBSD security advisory
>Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6.
>
>smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
>
>Binary updates for the amd64, i386, and arm64 platforms are available via
>the syspatch utility. Source code patches can be found on the respective
>errata page
>
>An incorrect check allows an attacker to trick mbox delivery into executing
>arbitrary commands as root and lmtp delivery into executing arbitrary commands
>as an unprivileged user.
>
>Binary updates for the amd64, i386, and arm64 platforms are available via
>the syspatch utility. Source code patches can be found on the respective
>errata page
https://marc.info/?l=openbsd-announce&m=158025067728747&w=2
https://marc.info/?l=openbsd-announce&m=158025060628722&w=2