Re: Critical opensmtpd vulnerability

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Critical opensmtpd vulnerability

From:	宋文武
Subject:	Re: Critical opensmtpd vulnerability
Date:	Fri, 31 Jan 2020 13:14:17 +0800
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Tobias Geerinckx-Rice <address@hidden> writes:

> Fellow Guix running opensmtpd mail servers,
>
> As you probably know by now, a serious remote code execution bug was
> recently found and fixed in OpenSMTPd[0].
>
> TL;DR: You should probably stop your opensmtpd daemon until you've
> checked that our regular opensmtpd package (6.0.3p1) is not
> vulnerable.  If possible, switch to opensmtpd-next and adapt your
> configuration syntax:
>
>    (service opensmtpd-service-type
>         (opensmtpd-configuration
>          (package opensmtpd-next)
>          (config-file (plain-file "smtpd.conf"
>                       "include
> "/etc/guix/mail/my-new-smtpd.conf"\n"))))
>

I just upgrade my vulnerable opensmtpd 6.6.1p1 to 6.6.2p2, thank you
very much!

[Prev in Thread]

Current Thread

[Next in Thread]

Critical opensmtpd vulnerability, Tobias Geerinckx-Rice, 2020/01/29
- Re: Critical opensmtpd vulnerability, 宋文武 <=

Prev by Date: Re: [ SPAM? ] Re: Collect guix profiles in single directory.
Next by Date: Re: [ SPAM? ] Re: Collect guix profiles in single directory.
Previous by thread: Critical opensmtpd vulnerability
Index(es):
- Date
- Thread