Hello misc@,

Qualys has found a critical vulnerability leading to a possible privilege 

It is very important that you upgrade your setups AS SOON AS POSSIBLE.

We'll provide more details when the advisory will be out and I'll take time to 
about how this bug was made possible, but in the meantime get your setups fixed 

On OpenBSD:

Binary patches are available through syspatch.

Just run the syspatch command and make sure that your OpenSMTPD was restarted:

$ doas syspatch

On other systems

I have released version 6.6.2p1 of OpenSMTPD which addresses the vulnerability.

It is available from our website:


It is also available from Github:


Or using the `6.6.2p1` tag if you're building from source.

Reply via email to