[postfix-jp: 3903] SECURITY: Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[postfix-jp: 3903] SECURITY: Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available

Subject: [postfix-jp: 3903] SECURITY: Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available
From: Takahiro Kambe <taca@xxxxxxxxxxxxxxx>
Date: Tue, 08 Mar 2011 13:30:57 +0900 (JST)

$B$3$s$K$A$O!#(B
(B
(BPostfix 2.8$B$h$jA0$N%j%j!<%9$G(BTLS$B$K4XO"$7$?@H$l(B
$BBP1~$9$k%j%j!<%9$,=P$F$$$^$9!#LdBj$N>\:Y$JFbMF$K$D$$$F$O!"(B
(B
(B	http://www.kb.cert.org/vuls/id/555316
(B
$B$K>\:Y$,$"$j$^$9!#(B
(B
(B-- 
$B?@8M(B $BN4Gn(B ($B$+$s$Y(B $B$?$+$R$m(B)		at $B;E;v>l(B 
(B
(B
(BMessage-Id: <20110307201840.C377D1F3EAE@xxxxxxxxxxxxxxxxxxx>
(BSubject: Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available
(BDate: Mon, 7 Mar 2011 15:18:40 -0500 (EST)
(BFrom: Wietse Venema <wietse@xxxxxxxxxxxxx>
(BTo: Postfix announce <postfix-announce@xxxxxxxxxxx>
(BCC: Postfix users <postfix-users@xxxxxxxxxxx>
(BX-Mailer: ELM [version 2.4ME+ PL82 (25)]
(BDelivered-To: postfix-announce-outgoing@xxxxxxxxxx
(BContent-Transfer-Encoding: 7bit
(BContent-Type: text/plain; charset=US-ASCII
(B
(B[An on-line version of this announcement will be available at
(Bhttp://www.postfix.org/announcements/postfix-2.7.3.html]
(B
(BPostfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
(BThese releases contain a fix for CVE-2011-0411 which allows plaintext
(Bcommand injection with SMTP sessions over TLS. This defect was
(Bintroduced with Postfix version 2.2. The same flaw exists in other
(Bimplementations of the STARTTLS command.
(B
(B    Note: CVE-2011-0411 is an issue only for the minority of SMTP
(B    clients that actually verify server certificates. Without server
(B    certificate verification, clients are always vulnerable to
(B    man-in-the-middle attacks that allow attackers to inject
(B    plaintext commands or responses into SMTP sessions, and more.
(B
(BPostfix 2.8 and 2.9 are not affected.
(B
(B	...
(B
(B_______________________________________________
(BPostfix-jp-list mailing list
(BPostfix-jp-list@xxxxxxxxxxxxxxxxxxxx
(Bhttp://lists.sourceforge.jp/mailman/listinfo/postfix-jp-list

Prev by Date: [postfix-jp: 3902] Re: non-SMTP command$B$K$D$$$F(B
Next by Date: [postfix-jp: 3904] Postfix$B$G(BDomainkeys$B$r

Previous by thread: [postfix-jp: 3902] Re: non-SMTP command$B$K$D$$$F(B
Next by thread: [postfix-jp: 3904] Postfix$B$G(BDomainkeys$B$r

Index(es):
- Date
- Thread

[$B8!:w%Z!<%8(B] [Postfix-JP ML Home]