postfix-2.3.3-2.10.AXS3

エラータID: AXSA:2011-150:02

Release date: 
Friday, April 15, 2011 - 16:49
Subject: 
postfix-2.3.3-2.10.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
TLS
Security issues fixed with this release:
CVE-2008-2937
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a 'plaintext command injection' attack.

Solution: 

Update package.

CVEs: 
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
CVE-2008-2937
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Additional Info: 

N/A

Download: 

SRPMS
  1. postfix-2.3.3-2.10.AXS3.src.rpm
    MD5: 2c390d85a32514bceae53ba654b8ff65
    SHA-256: 72ebaa2564f306296557c99967b4131bb3bde1a55b17c2cc92eb6dda99b1333f
    Size: 2.73 MB

Asianux Server 3 for x86
  1. postfix-2.3.3-2.10.AXS3.i386.rpm
    MD5: 0c14d128812298c642a631c145ff9d30
    SHA-256: 75655dee638b8a4f8db6b59afefefcf646cc21010f3443b947d978ed119abad3
    Size: 3.69 MB
  2. postfix-pflogsumm-2.3.3-2.10.AXS3.i386.rpm
    MD5: e76ddceaecfbbaf86d8080e50d494d14
    SHA-256: c65079a5733da11c5589dafb69f0a8094b00d4e18d88fc2f76458492b8433217
    Size: 50.01 kB

Asianux Server 3 for x86_64
  1. postfix-2.3.3-2.10.AXS3.x86_64.rpm
    MD5: 002f93ecd07d44dfc2512e19153fd2e8
    SHA-256: 380c213243029bab5472a3d076f8609de253f1cc61d1602a4096beb183df4b9a
    Size: 3.82 MB
  2. postfix-pflogsumm-2.3.3-2.10.AXS3.x86_64.rpm
    MD5: bced2dd8e28d5b59f91cb8cbf1746c8f
    SHA-256: e21a86994cc8b166a3d7000c8f28495e6da9b310ca0053e7c7004fd54e7daa7f
    Size: 49.98 kB