postfix-2.6.6-2.2.AXS4
エラータID: AXSA:2011-720:02
リリース日:
2011/12/29 Thursday - 12:02
題名:
postfix-2.6.6-2.2.AXS4
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
Moderate
Description:
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS
Security issues fixed with this release:
CVE-2011-1720
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
解決策:
Update packages.
CVE:
CVE-2011-1720
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
追加情報:
From Asianux Server 4 SP1.
ダウンロード:
SRPMS
- postfix-2.6.6-2.2.AXS4.src.rpm
MD5: 2a6656b86c55dacd8bc6bde13b7faafe
SHA-256: 672082b66f2f00125f270412c503abbc89059ba78e8787ecd31eb444de3829b0
Size: 3.26 MB
Asianux Server 4 for x86
- postfix-2.6.6-2.2.AXS4.i686.rpm
MD5: 6771b3a3a9ed41ecad5220b649f38843
SHA-256: 1d835e326e9e4ce07768a6662e7dbb1bf20714cf19ee45c680adb1458924bcf1
Size: 2.03 MB
Asianux Server 4 for x86_64
- postfix-2.6.6-2.2.AXS4.x86_64.rpm
MD5: 9e4f9480558c71d8f05172da8f0242b9
SHA-256: 213004c555d1cba7d2781d9faf4cfa10bc0d453b34fb5220f59c3474922b9423
Size: 2.03 MB