
Full Disclosure mailing list archives

[ MDVSA-2011:045 ] postfix
From: security () mandriva com
Date: Wed, 16 Mar 2011 16:41:00 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:045
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postfix
 Date    : March 16, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A security flaw was discovered in postfix which allows plaintext
 command injection with SMTP sessions over TLS (CVE-2011-0411).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411
 http://www.postfix.org/CVE-2011-0411.html
 http://www.kb.cert.org/vuls/id/555316
 http://www.securityfocus.com/archive/1/516901/30/0/threaded
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 eb607fe6834ded296aec54851a3bd56c  2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm
 76a18eb7f7627ba5489137eb592d0c8b  2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm
 61c70b9d189f68276601d724e8444d9f  2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm
 24255918008338487798ea647860484e  2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm
 e4d4db07cb302b3072f78097f84e1b87  2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm
 ebd9879c9c773c3d57375809c696f517  2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm 
 b27d3f6b20b11f71fd54d0f50a8a4b47  2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 73053818f39aba0ee0bece7ab997b07c  2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm
 c0e3c04bfd70acc0ee09e7413b3a3400  2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm
 435fe07232bf307882a1589bc1ccca22  2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm
 4d1d018487d1c3328cd425d220136a6f  2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm
 e7bd9b102319bc1ed4cdda27edaf26e2  2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm
 7051b04bff45730a0268c5b311361111  2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm 
 b27d3f6b20b11f71fd54d0f50a8a4b47  2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 f83a569908244de2e04f13c5e9cbc29a  2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm
 b28f60198223458fe7a8b9c92d9901c1  2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm
 1572c433ec62d49970a250050da98ed7  2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm
 2aeb9f3d82b97e4314b3f8d6500a244a  2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm
 2d93c886dda73832ee8b96961e0cc316  2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm
 544853ecd21ca236324418232b59d206  2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm 
 e3748479ec6c93be12808e26e6b0fa55  2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 0282b58fb34ab310a8e66cda1792da37  2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm
 644f3b20cfed1b5e57ef53a7ef94898a  2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm
 16b27a49a3dcae6fa520c3cb24b2f69b  2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm
 9e60217b6e8adc9a0e286df835f9d695  2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm
 8594b10f400395fff17ffda26e9e3b3d  2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm
 e63fb8c5794ce971488898af1d537f36  2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm 
 e3748479ec6c93be12808e26e6b0fa55  2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 19ee5b6c6a18c73ccf1d74e20f89759d  2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm
 7a468df2b451f6972c38faf1f60ad8af  2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm
 a814f84c61afd93f3416c69d993afd7a  2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm
 f6f7f9492ab304d28f8aa4bfc653ca1e  2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm
 8013bafd20881dd85b3be95529be848d  2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm
 145c8551dc1c51b071d1f3f992f8e638  2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm
 8f0d058eda66267085cbe5a7f5133b60  2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm 
 c90d8220b74b39ce44a4b9dfe8876783  2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 0a9207a9e00cce2e656ff248513d5bc3  2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm
 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a  2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm
 c8c5efad63b597b3d3a0aec3c5027ffa  2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm
 71d9a4095514c72494c4f02d2696b619  2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm
 8865fea8796435b2d715bf0d89c4530f  2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm
 784960a49889f3fce8a308842321d8e8  2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm
 dc50ccda7bfb1a1f7f673bc251f14683  2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm 
 c90d8220b74b39ce44a4b9dfe8876783  2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm

 Corporate 4.0:
 6b7d62433679d20ae3b5cdf2668019e7  corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm
 c5d4cbc67d00e0ea8b32c6598d6d65f0  corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm
 287daadea040f15c1e25a6de77a438b2  corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm
 aac87a567ae68c48d4e8226429b35697  corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm
 c331a8061b0c5a6639c633d608e37871  corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm
 25ce650233120a54e830c120f773f715  corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm 
 f2f060fddbb666572eca06ae47e36a3a  corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 45b683c80b3006c3df5144bfe0fede86  corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm
 fc82cfcdbf89c059b6850edfa049128f  corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm
 7057754d88c8146d235d3ab96fd64d2f  corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm
 872c28155eb6276ba0fd1001387ffac7  corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm
 644747748d18077fc63aa740c2947768  corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm
 19b2a209beade7e6e25de6d0f3cb4b6d  corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm 
 f2f060fddbb666572eca06ae47e36a3a  corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 9c50578bd954be2ea42e6f3f3131cc9c  mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm
 bca22f9be6e6bef4e02f2ffb4623d2e3  mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm
 45cfa7336d29cddca1ac07270d2b8287  mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm
 87d4b942fefedc239a213b3ce5715cf0  mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm
 b3caf9572b69e757b9697139bb0ed5d8  mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm
 bde845f9957e2ead0e398c5bebef6f79  mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm 
 8ad3739bcdf5297b2dddfb4e289049d9  mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d920df80c9fdbcb64a9c50d265acd7e8  mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm
 1d09a25b69b76b2c013bac182c0e456d  mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm
 0afe348155bee4af965ec616d86a9219  mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm
 db4e476a96f489d957610fb1ff7c6f9e  mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm
 6ce0428271de05b3bb2d2e430c3281a3  mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm
 32468daeee58b727ce1c85adcc2b364c  mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm 
 8ad3739bcdf5297b2dddfb4e289049d9  mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNgKjqmqjQ0CJFipgRAvrzAJ9gJSdlaBzy7iwdgFmIfZkXv0IEKQCeP1ke
vU25cnZhXdC1kp2Vc0S3c+I=
=lOmR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
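
The "plaintext command injection" in the problem description comes from a server keeping cleartext input buffered across STARTTLS, so that bytes received before the handshake are parsed as if they belonged to the protected session. The toy model below is an added example, not Postfix or Mandriva code; the class, its methods and the sample traffic are constructed for illustration, and the TLS handshake is only simulated by a flag.

```python
class SmtpSession:
    """Toy SMTP input handling around STARTTLS (not Postfix source)."""

    def __init__(self, purge_on_starttls):
        self.purge_on_starttls = purge_on_starttls
        self.pending = []        # (line, arrived_encrypted): read but not yet parsed
        self.tls_active = False  # set once the simulated handshake completes
        self.log = []            # (command, arrived_encrypted, tls_active_when_run)

    def receive(self, data, encrypted):
        """One socket read: every complete line lands in the input buffer."""
        for line in data.split(b"\r\n"):
            if line:
                self.pending.append((line.decode("ascii"), encrypted))
        self._process()

    def _process(self):
        while self.pending:
            line, encrypted = self.pending.pop(0)
            if line.upper() == "STARTTLS" and not self.tls_active:
                if self.purge_on_starttls:
                    # Fixed behaviour: drop input buffered behind STARTTLS.
                    self.pending.clear()
                self.tls_active = True
                continue
            self.log.append((line, encrypted, self.tls_active))

    def injected(self):
        """Commands that arrived in cleartext but were run with TLS active."""
        return [cmd for cmd, enc, tls in self.log if tls and not enc]


# Constructed traffic: a harmless RSET shares the cleartext read with STARTTLS.
PLAINTEXT_SEGMENT = b"EHLO client.example\r\nSTARTTLS\r\nRSET\r\n"
TLS_SEGMENT = b"EHLO client.example\r\nMAIL FROM:<a@client.example>\r\n"


def run(purge_on_starttls):
    session = SmtpSession(purge_on_starttls)
    session.receive(PLAINTEXT_SEGMENT, encrypted=False)
    session.receive(TLS_SEGMENT, encrypted=True)
    return session.injected()


if __name__ == "__main__":
    print("unpatched model:", run(False))
    print("patched model:  ", run(True))
```

In the unpatched model the cleartext RSET is handled after the TLS flag is set; with the purge in place only commands that arrived over the encrypted channel are processed.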

