PDA

View Full Version : [SOLVED] [USN-74-1] Postfix vulnerability



Martin Pitt
February 4th, 2005, 10:45 AM
================================================== =========
Ubuntu Security Notice USN-74-1 February 04, 2005
postfix vulnerability
http://bugs.debian.org/267837
================================================== =========

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postfix

The problem can be corrected by upgrading the affected package to
version 2.1.3-1ubuntu17.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1.diff.gz
Size/MD5: 411105 ebec5936210e45ace9340f8222d80b7c
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1.dsc
Size/MD5: 864 07856f476ec0b61011def96d4516c118
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3.orig.tar.gz
Size/MD5: 1971632 1f515b0d80cd1f9db0113240bf36f248

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.1.3-1ubuntu17.1_all.deb
Size/MD5: 97046 79e78142e88c18575899580bf9b16ca0
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.1.3-1ubuntu17.1_all.deb
Size/MD5: 643972 e2e331623971c0b0f45970586ff7a083

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 35436 4bbea082d8d7d5ac5b1ea6f7d6cf8fa0
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 31328 08e3729b757df658b99a56e50e9a9d5f
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 30904 7ea9aafc438c944ffcd18ae32805e660
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 31636 ba7382b65df65cba401b2cb1ad051a68
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 156534 b46680cedf669bd7ed9e90bd34d6ca91
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_amd64.deb
Size/MD5: 820506 bb67674c0e0c5bde0be5e506596cb033

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 34718 959a134b3d0b74faa0b56ded62ed005b
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 30826 50142456894a4bc49447f83392257ef6
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 30538 bb84db9e33c6b8da8b0dd99603425587
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 31098 606592256cfeda5aa28605185c44e66e
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 143034 09192e5964ca3b7d237e4c476b0ffb53
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_i386.deb
Size/MD5: 763490 0160158cb855957e0176a006176eb8c0

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 36572 0a88dc7ab945722c44994c850b36dc09
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 32724 880fbe7900ad95803eb1d9d0e26a1cf4
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 32456 9946903ac57e73a22c159053be39c44d
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 33024 850289233b4d68d1e8dcb8a347fc6cd9
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 152468 d9e01c2eb71815f2da46870f0fa7353f
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_powerpc.deb
Size/MD5: 826188 77ed80d8e59e914124fc6bbafd07c3b2

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCAz4DDecnbV4Fd/IRAuBzAJ9pPKSmIlTU8WQ10fVH6rKNvyPQxgCgrxrC
ekTkJO8SXNUghp/YTw2FNrw=
=86VE
-----END PGP SIGNATURE-----