[USN-74-1] Postfix vulnerability

Martin Pitt martin.pitt at canonical.com
Fri Feb 4 03:18:59 CST 2005


===========================================================
Ubuntu Security Notice USN-74-1		  February 04, 2005
postfix vulnerability
http://bugs.debian.org/267837
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postfix

The problem can be corrected by upgrading the affected package to
version 2.1.3-1ubuntu17.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1.diff.gz
      Size/MD5:   411105 ebec5936210e45ace9340f8222d80b7c
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1.dsc
      Size/MD5:      864 07856f476ec0b61011def96d4516c118
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3.orig.tar.gz
      Size/MD5:  1971632 1f515b0d80cd1f9db0113240bf36f248

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.1.3-1ubuntu17.1_all.deb
      Size/MD5:    97046 79e78142e88c18575899580bf9b16ca0
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.1.3-1ubuntu17.1_all.deb
      Size/MD5:   643972 e2e331623971c0b0f45970586ff7a083

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_amd64.deb
      Size/MD5:    35436 4bbea082d8d7d5ac5b1ea6f7d6cf8fa0
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_amd64.deb
      Size/MD5:    31328 08e3729b757df658b99a56e50e9a9d5f
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_amd64.deb
      Size/MD5:    30904 7ea9aafc438c944ffcd18ae32805e660
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_amd64.deb
      Size/MD5:    31636 ba7382b65df65cba401b2cb1ad051a68
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_amd64.deb
      Size/MD5:   156534 b46680cedf669bd7ed9e90bd34d6ca91
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_amd64.deb
      Size/MD5:   820506 bb67674c0e0c5bde0be5e506596cb033

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_i386.deb
      Size/MD5:    34718 959a134b3d0b74faa0b56ded62ed005b
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_i386.deb
      Size/MD5:    30826 50142456894a4bc49447f83392257ef6
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_i386.deb
      Size/MD5:    30538 bb84db9e33c6b8da8b0dd99603425587
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_i386.deb
      Size/MD5:    31098 606592256cfeda5aa28605185c44e66e
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_i386.deb
      Size/MD5:   143034 09192e5964ca3b7d237e4c476b0ffb53
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_i386.deb
      Size/MD5:   763490 0160158cb855957e0176a006176eb8c0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.1.3-1ubuntu17.1_powerpc.deb
      Size/MD5:    36572 0a88dc7ab945722c44994c850b36dc09
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.1.3-1ubuntu17.1_powerpc.deb
      Size/MD5:    32724 880fbe7900ad95803eb1d9d0e26a1cf4
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.1.3-1ubuntu17.1_powerpc.deb
      Size/MD5:    32456 9946903ac57e73a22c159053be39c44d
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.1.3-1ubuntu17.1_powerpc.deb
      Size/MD5:    33024 850289233b4d68d1e8dcb8a347fc6cd9
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-tls_2.1.3-1ubuntu17.1_powerpc.deb
      Size/MD5:   152468 d9e01c2eb71815f2da46870f0fa7353f
    http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.1.3-1ubuntu17.1_powerpc.deb
      Size/MD5:   826188 77ed80d8e59e914124fc6bbafd07c3b2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20050204/95a6c123/attachment.pgp


More information about the ubuntu-security-announce mailing list