Unpleasant vulnerability in OpenSMTPD

Qualys has put out an advisory regarding a vulnerability in OpenBSD'sOpenSMTPD mail server. It "allows an attacker to execute arbitrary shellcommands, as root: either locally, in OpenSMTPD's default configuration (which listens on the loopback interface and only accepts mail from localhost); or locally and remotely, in OpenSMTPD's 'uncommented' default configuration (which listens on all interfaces and accepts external mail)." OpenBSD users would be well advised to update quickly.