TTCSIRT-285.022620: TT-CSIRT ADVISORY- OPENSMTPD 6.6.4P1 RELEASE ADDRESSES CRITICAL VULNERABILITY
Qualys has found another critical vulnerability in OpenSMTPD.
It is very important that you upgrade your setups AS SOON AS POSSIBLE. On OpenBSD: Binary patches are available through syspatch.
Just run the syspatch command and make sure that your OpenSMTPD was restarted: $ doas syspatch On other systems the released version 6.6.4p1 of OpenSMTPD addresses the vulnerability. The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates utilising the following links:
It is also available from Github:
Or using the `6.6.4p1` tag if you're building from source.