Re: Interim mitigation for CVE-2020-7247

2020-01-29 Thread Andreas Broecking
Or rather filter exploit_check phase mail-from match mail-from regex { '.*\;.*\;.*’ } disconnect "550 no exploiting, kthx” to be more specific on the semicolons as delimiter of the command? (sorry, as I said. regex is my nemesis :)) Best regards Andreas > On 29. Jan 2020,

Interim mitigation for CVE-2020-7247

2020-01-29 Thread Andreas Broecking
Hi all, first of all, thanks Gilles for the heads-up and a fix on short notice. For people like me who relay on the portable version and for systems which relay on built packages as they lack the local development tools, a filter should help to mitigate the problem until a package could be

Re: Interim mitigation for CVE-2020-7247

2020-01-29 Thread gilles
January 29, 2020 12:19 PM, "Andreas Broecking" wrote: > Hi all, > > first of all, thanks Gilles for the heads-up and a fix on short notice. > > For people like me who relay on the portable version and for systems which > relay on built packages > as they lack the local development tools, a

Re: filter oddities

2020-01-29 Thread Edgar Pettijohn
On 01/25/20 16:14, Edgar Pettijohn wrote: On 01/25/20 14:48, Edgar Pettijohn wrote: On 01/25/20 14:24, gil...@poolp.org wrote: January 25, 2020 9:21 PM, "Edgar Pettijohn" wrote: On 01/25/20 14:20, gil...@poolp.org wrote: January 25, 2020 8:50 PM, "Edgar Pettijohn" wrote: I

Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability

2020-01-29 Thread Reio Remma
On 29/01/2020 00:30, gil...@poolp.org wrote: Hello misc@, Qualys has found a critical vulnerability leading to a possible privilege escalation. It is very important that you upgrade your setups AS SOON AS POSSIBLE. We'll provide more details when the advisory will be out and I'll take time

Re: OpenSMTPD 6.6.2p1 released: addresses CRITICAL vulnerability

2020-01-29 Thread Harald Dunkel
Hi Gilles, On 2020-01-28 23:30, gil...@poolp.org wrote: Hello misc@, Qualys has found a critical vulnerability leading to a possible privilege escalation. It is very important that you upgrade your setups AS SOON AS POSSIBLE. We'll provide more details when the advisory will be out and I'll