Alpine Linux

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

OpenSMTPD version 6.6.2p1-r0 has been implemented in the latest version of Alpine Linux.

Vendor References

Amazon

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple

Notified:  January 31, 2020 Updated: March 09, 2020

Statement Date:   March 06, 2020

Status

  Not Affected

Vendor Statement

Our products are not impacted by this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc.

Notified:  January 31, 2020 Updated: February 03, 2020

Status

  Not Affected

Vendor Statement

No products Arista Networks sells are affected by VU#390745 aka CVE-2020-7247. This is due to that library not being used nor included in any of the products.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc.

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS

Notified:  January 31, 2020 Updated: February 04, 2020

Statement Date:   February 03, 2020

Status

  Not Affected

Vendor Statement

Container Linux does not ship OpenSMTPD and so is not vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux

Notified:  January 31, 2020 Updated: February 03, 2020

Statement Date:   January 31, 2020

Status

  Affected

Vendor Statement

This affected Debian and has been adressed:https://www.debian.org/security/2020/dsa-4611

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Dell EMC

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  January 31, 2020 Updated: February 03, 2020

Status

  Not Affected

Vendor Statement

F5 Networks products are not affected as OpenSMTPD is not included. For products that are installed on a host OS(virtual edition,etc.)the presence of OpenSMTPD will depend on the host OS and not the F5 product. Customers are advised to check with the host OS vendor to determine if their platform is affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

FreeBSD Project

Notified:  January 31, 2020 Updated: February 04, 2020

Status

  Not Affected

Vendor Statement

FreeBSD has never shipped with OpenSMTPD installed by default. We do provide OpenSMTPD as part of our third-party package collection and users can also build the package from our ports tree. The port was updated on Wednesday 29th January at 02:55 UTC and the fix was merged to the 2020Q1 quarterly branch on Friday 31st January at 09:37 UTC. Pre-built packages of the updated port have been available on our mirrors since Thursday 30th January 2020 at 14:16 UTC(head)and Sunday 2nd February 2020 at 01:10 UTC(quarterly).

Vendor Information

OpenSMTPD version 6.6.2p1-r0 has been implemented in the latest version of FreeBSD.

Vendor References

Geexbox

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc.

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos

Notified:  January 31, 2020 Updated: February 03, 2020

Status

  Not Affected

Vendor Statement

None of the most popular illumos distributions(OpenIndiana,SmartOS,OmniOSce)ship with OpenSMTPD. A cursory survey of others indicates no OpenSMTPD either.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  January 31, 2020 Updated: February 03, 2020

Status

  Not Affected

Vendor Statement

NetBSD is not vulnerable - we do not ship/have never shipped OpenSMTPD.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD

Updated:  January 31, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

OpenBSD has released a patch in OpenSMTPD version 6.6.2p1 to address this vulnerability.

Vendor References

Openwall GNU/*/Linux

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc.

Notified:  January 31, 2020 Updated: February 05, 2020

Status

  Not Affected

Vendor Statement

QNX is not vulnerable - OpenSMTPD has not shipped as part of our product.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  January 31, 2020 Updated: February 03, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Slackware Linux Inc.

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  January 31, 2020 Updated: February 03, 2020

Statement Date:   February 01, 2020

Status

  Not Affected

Vendor Statement

Neither SUSE nor openSUSE do not include opensmtpd,so SUSE is not affected by this problem.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology

Notified:  January 31, 2020 Updated: February 03, 2020

Statement Date:   February 03, 2020

Status

  Not Affected

Vendor Statement

Synology does not employ OpenSMTPD for our products,including MailPlus[1]and Mail Station[2]. [1] https://www.synology.com/dsm/feature/mailplus[2]https://www.synology.com/dsm/packages/MailStation

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Tizen

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Updated:  February 07, 2020

Status

  Affected

Vendor Statement

CVE-2020-7247 has been patched in the following Ubuntu releases: 18.04 Bionic Beaver:OpenSMTPD 6.0.3p1-1ubuntu0.1 19.10 Eoan Ermine:OpenSMTPD 6.0.3p6-1ubuntu0.1 Please see USN-4268-1(https://usn.ubuntu.com/4268-1/)for more details.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Unisys

Notified:  January 31, 2020 Updated: January 31, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 48 vendors View less vendors