CERT mailing list archives

Previous By Date Next
Previous By Thread Next

OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 26 Feb 2020 00:49:42 +0000
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability [ 
https://www.us-cert.gov/ncas/current-activity/2020/02/25/opensmtpd-releases-version-664p1-address-critical-vulnerability
 ] 02/25/2020 05:04 PM EST 
Original release date: February 25, 2020

OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this 
vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side implementation of the 
Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to apply the necessary 
update. For OpenBSD implementations, binary patches are available through syspatch; see OpenSMTPDs Message 04888 [ 
https://www.mail-archive.com/misc () opensmtpd org/msg04888.html ] for further instruction. For other systems, the 
update is available at OpenSMTPDs GitHub release page [ https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.4p1 ].

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: