From: iyzsong@member.fsf.org (宋文武)
Subject: Re: Critical opensmtpd vulnerability
Date: Fri, 31 Jan 2020 13:14:17 +0800
Message-ID: <87sgjwmcly.fsf@member.fsf.org>
References: <87a7666sle.fsf@nckx>
In-Reply-To: <87a7666sle.fsf@nckx> (Tobias Geerinckx-Rice's message of "Wed, 29 Jan 2020 19:11:09 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Tobias Geerinckx-Rice
Cc: Guix-devel

Tobias Geerinckx-Rice writes:

> Fellow Guix running opensmtpd mail servers,
>
> As you probably know by now, a serious remote code execution bug was
> recently found and fixed in OpenSMTPd[0].
>
> TL;DR: You should probably stop your opensmtpd daemon until you've
> checked that our regular opensmtpd package (6.0.3p1) is not
> vulnerable. If possible, switch to opensmtpd-next and adapt your
> configuration syntax:
>
>   (service opensmtpd-service-type
>     (opensmtpd-configuration
>       (package opensmtpd-next)
>       (config-file (plain-file "smtpd.conf"
>                                "include \"/etc/guix/mail/my-new-smtpd.conf\"\n"))))
>

I just upgraded my vulnerable opensmtpd 6.6.1p1 to 6.6.2p2, thank you very much!