Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability
Hi Jason, On 2020-01-29 14:33, Jason Barbier wrote: According to the CVE everything since the commit in May 2018 that established the new grammar. The EMail did not mention a CVE. I was very concerned that I had to upgrade my "old" hosts to the new smtpd.conf syntax, so this is good news. Thanx for your reply. Regards Harri
Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability
Hi Gilles, On 2020-01-28 23:30, gil...@poolp.org wrote: Hello misc@, Qualys has found a critical vulnerability leading to a possible privilege escalation. It is very important that you upgrade your setups AS SOON AS POSSIBLE. We'll provide more details when the advisory will be out and I'll take time to write about how this bug was made possible, but in the meantime get your setups fixed ! Which versions of opensmtpd are affected? Thanx for the quick fix. Harri
Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability
On 29/01/2020 00:30, gil...@poolp.org wrote: Hello misc@, Qualys has found a critical vulnerability leading to a possible privilege escalation. It is very important that you upgrade your setups AS SOON AS POSSIBLE. We'll provide more details when the advisory will be out and I'll take time to write about how this bug was made possible, but in the meantime get your setups fixed ! Thanks a lot for the heads up! Updated my CentOS 7 packages. Thanks, Reio