[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050204091325.GB551@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-74-1] Postfix vulnerability
===========================================================
Ubuntu Security Notice USN-74-1 February 04, 2005
postfix vulnerability
http://bugs.debian.org/267837
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postfix
The problem can be corrected by upgrading the affected package to
version 2.1.3-1ubuntu17.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1.diff.gz
Size/MD5: 411105 ebec5936210e45ace9340f8222d80b7c
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1.dsc
Size/MD5: 864 07856f476ec0b61011def96d4516c118
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3.orig.tar.gz
Size/MD5: 1971632 1f515b0d80cd1f9db0113240bf36f248
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.1.3-1ubuntu17.1_all.deb
Size/MD5: 97046 79e78142e88c18575899580bf9b16ca0
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.1.3-1ubuntu17.1_all.deb
Size/MD5: 643972 e2e331623971c0b0f45970586ff7a083
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 35436 4bbea082d8d7d5ac5b1ea6f7d6cf8fa0
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 31328 08e3729b757df658b99a56e50e9a9d5f
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 30904 7ea9aafc438c944ffcd18ae32805e660
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 31636 ba7382b65df65cba401b2cb1ad051a68
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 156534 b46680cedf669bd7ed9e90bd34d6ca91
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 820506 bb67674c0e0c5bde0be5e506596cb033
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 34718 959a134b3d0b74faa0b56ded62ed005b
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 30826 50142456894a4bc49447f83392257ef6
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 30538 bb84db9e33c6b8da8b0dd99603425587
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 31098 606592256cfeda5aa28605185c44e66e
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 143034 09192e5964ca3b7d237e4c476b0ffb53
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 763490 0160158cb855957e0176a006176eb8c0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 36572 0a88dc7ab945722c44994c850b36dc09
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 32724 880fbe7900ad95803eb1d9d0e26a1cf4
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 32456 9946903ac57e73a22c159053be39c44d
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 33024 850289233b4d68d1e8dcb8a347fc6cd9
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 152468 d9e01c2eb71815f2da46870f0fa7353f
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 826188 77ed80d8e59e914124fc6bbafd07c3b2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050204/9bc61f4e/attachment.bin
Powered by blists - more mailing lists