postfix-2.6.6-2.1.AXS4

エラータID: AXSA:2011-159:01

リリース日: 
2011/04/20 Wednesday - 15:46
題名: 
postfix-2.6.6-2.1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS
Security issues fixed with this release:
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack.

解決策: 

Update packages.

CVE: 
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.


追加情報: 

N/A

ダウンロード: 

SRPMS
  1. postfix-2.6.6-2.1.AXS4.src.rpm
    MD5: 00f6706e1f3eb2e59b357e238274c0aa
    SHA-256: 0c7b64888ee106e894cb1cecbd5202b0ac1905eb030ba049eef810f63aee2937
    Size: 3.26 MB

Asianux Server 4 for x86
  1. postfix-2.6.6-2.1.AXS4.i686.rpm
    MD5: 717bd5c32ba12d9f9515ad2b533690ee
    SHA-256: dd2d307f3577a1cb3c33b66a3784b63de608540f35590d9e05cff0f3d5ac20e4
    Size: 2.03 MB

Asianux Server 4 for x86_64
  1. postfix-2.6.6-2.1.AXS4.x86_64.rpm
    MD5: 602dcde574842eccf3f82715d5b3119f
    SHA-256: 5030558248946216f8ee07aec67c6244b36a0a3f8190b416d3befb5900404ed5
    Size: 2.04 MB