ALT Linux Team

Package opendkim update in sisyphus on 2018-12-10

ALT-PU-2018-2811-1

Package opendkim updated to version 2.11.0-alt1 for branch sisyphus in task 217547.

Closed vulnerabilities

Published: 2020-12-28
Modified: 2024-11-21

CVE-2020-35766

The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top