[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Critical opensmtpd vulnerability
From: |
宋文武 |
Subject: |
Re: Critical opensmtpd vulnerability |
Date: |
Fri, 31 Jan 2020 13:14:17 +0800 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Tobias Geerinckx-Rice <address@hidden> writes:
> Fellow Guix running opensmtpd mail servers,
>
> As you probably know by now, a serious remote code execution bug was
> recently found and fixed in OpenSMTPd[0].
>
> TL;DR: You should probably stop your opensmtpd daemon until you've
> checked that our regular opensmtpd package (6.0.3p1) is not
> vulnerable. If possible, switch to opensmtpd-next and adapt your
> configuration syntax:
>
> (service opensmtpd-service-type
> (opensmtpd-configuration
> (package opensmtpd-next)
> (config-file (plain-file "smtpd.conf"
> "include
> "/etc/guix/mail/my-new-smtpd.conf"\n"))))
>
I just upgrade my vulnerable opensmtpd 6.6.1p1 to 6.6.2p2, thank you
very much!