OpenSMTPD 6.6.4p1 security release:

"An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group."

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community