postfix-2.6.6-2.1.AXS4
エラータID: AXSA:2011-159:01
リリース日:
2011/04/20 Wednesday - 15:46
題名:
postfix-2.6.6-2.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS
Security issues fixed with this release:
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack.
解決策:
Update packages.
CVE:
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
追加情報:
N/A
ダウンロード:
SRPMS
- postfix-2.6.6-2.1.AXS4.src.rpm
MD5: 00f6706e1f3eb2e59b357e238274c0aa
SHA-256: 0c7b64888ee106e894cb1cecbd5202b0ac1905eb030ba049eef810f63aee2937
Size: 3.26 MB
Asianux Server 4 for x86
- postfix-2.6.6-2.1.AXS4.i686.rpm
MD5: 717bd5c32ba12d9f9515ad2b533690ee
SHA-256: dd2d307f3577a1cb3c33b66a3784b63de608540f35590d9e05cff0f3d5ac20e4
Size: 2.03 MB
Asianux Server 4 for x86_64
- postfix-2.6.6-2.1.AXS4.x86_64.rpm
MD5: 602dcde574842eccf3f82715d5b3119f
SHA-256: 5030558248946216f8ee07aec67c6244b36a0a3f8190b416d3befb5900404ed5
Size: 2.04 MB