postfix-3.5.25-1.el9

エラータID: AXSA:2024-9252:01

Release date: 
Thursday, December 12, 2024 - 18:06
Subject: 
postfix-3.5.25-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.

Security Fix(es):

* postfix: SMTP smuggling vulnerability (CVE-2023-51764)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.

Solution: 

Update packages.

CVEs: 
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports . but some other popular e-mail servers do not. To prevent attack variants (by always disallowing without ), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
Additional Info: 

N/A

Download: 

SRPMS
  1. postfix-3.5.25-1.el9.src.rpm
    MD5: 2bf6970f8336c201885cad83406ff836
    SHA-256: 798862dc5be535814a2ce49dab7f96f536f2e84be27db6f7cca0e07ff41f5dc2
    Size: 4.55 MB

Asianux Server 9 for x86_64
  1. postfix-3.5.25-1.el9.x86_64.rpm
    MD5: 7a31fb452a289b3ac5808f3ecd0ede89
    SHA-256: 2ebf1ab3538166bd480c350845933c0f67ab208b123aa5da260a805d95e9d7d3
    Size: 1.50 MB
  2. postfix-cdb-3.5.25-1.el9.x86_64.rpm
    MD5: f42e38b096aa8fe037b75ffa5304d855
    SHA-256: 4e506ba1c8ceeb5aef6140b7c65117f1b02829b39e52c6983c341bf846eec4de
    Size: 15.53 kB
  3. postfix-ldap-3.5.25-1.el9.x86_64.rpm
    MD5: ef7df3a61e2c8e532f353160e9323130
    SHA-256: faf21431b7cc4c6484b1c7e2e13561cb134631c516801040f5cb7bf8f6ef50c0
    Size: 39.17 kB
  4. postfix-lmdb-3.5.25-1.el9.x86_64.rpm
    MD5: 9a9b1af2aa34c51bd254e726c64452ee
    SHA-256: b73bf2ef367b433b4703f885bd5c4a710b2d4eb7d2067ec7fd7d17e76a9a5509
    Size: 22.25 kB
  5. postfix-mysql-3.5.25-1.el9.x86_64.rpm
    MD5: 3f175df0d361e637715880cee4ff0f7a
    SHA-256: de327eb5ca167134d225b05b6dab97459500070c139a0e6d84cdd9a4a2d4cf28
    Size: 24.16 kB
  6. postfix-pcre-3.5.25-1.el9.x86_64.rpm
    MD5: 7f2d7f08bbe73f47b20e59b73e985353
    SHA-256: 7517a3726747b96165ba52f5516d368c68b1465f66d52a29bf550e02a27d90d1
    Size: 21.55 kB
  7. postfix-perl-scripts-3.5.25-1.el9.x86_64.rpm
    MD5: b947dbeee32a9e87f00d607da3b87868
    SHA-256: 8d598f2d4a09460da21246751cc0f01d56d53ab0cbfa84bb1bd657940645f6cc
    Size: 49.13 kB
  8. postfix-pgsql-3.5.25-1.el9.x86_64.rpm
    MD5: 727fb4cfd45253c2c1d44b702568aa3d
    SHA-256: 07d6f50564ac22134f3d6087e00ba8800515dbdf306ce380302ea1b20b02e543
    Size: 22.83 kB
  9. postfix-sqlite-3.5.25-1.el9.x86_64.rpm
    MD5: e4f2609613623af5d25250dea47e5319
    SHA-256: 5bb6e08391dd6d18a4986e4ac014992f5998c857696628236b8035708a64b34e
    Size: 19.00 kB