Tobias Geerinckx-Rice <m...@tobias.gr> writes: > Fellow Guix running opensmtpd mail servers, > > As you probably know by now, a serious remote code execution bug was > recently found and fixed in OpenSMTPd[0]. > > TL;DR: You should probably stop your opensmtpd daemon until you've > checked that our regular opensmtpd package (6.0.3p1) is not > vulnerable. If possible, switch to opensmtpd-next and adapt your > configuration syntax: > > (service opensmtpd-service-type > (opensmtpd-configuration > (package opensmtpd-next) > (config-file (plain-file "smtpd.conf" > "include > "/etc/guix/mail/my-new-smtpd.conf"\n")))) >
I just upgrade my vulnerable opensmtpd 6.6.1p1 to 6.6.2p2, thank you very much!
