Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in Postfix
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Postfix
ID: MDVSA-2011:090
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.1
Datum: Di, 17. Mai 2011, 12:14
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
Applikationen: Postfix

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1305626050-2533-43

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:090
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postfix
 Date    : May 17, 2011
 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in postfix:
 
 The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10,
 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL
 authentication methods are enabled, does not create a new server handle
 after client authentication fails, which allows remote attackers to
 cause a denial of service (heap memory corruption and daemon crash)
 or possibly execute arbitrary code via an invalid AUTH command
 with one method followed by an AUTH command with a different method
 (CVE-2011-1720).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 1326a3c6e48e45049fb8f024a92e9327 
 2009.0/i586/libpostfix1-2.5.5-4.3mdv2009.0.i586.rpm
 db9f9583fe600220a4c3b88e380405a5 
 2009.0/i586/postfix-2.5.5-4.3mdv2009.0.i586.rpm
 5b56b55f7bd99c75e63ace3f30563d96 
 2009.0/i586/postfix-ldap-2.5.5-4.3mdv2009.0.i586.rpm
 10427140a4a15a36830829f58b303f62 
 2009.0/i586/postfix-mysql-2.5.5-4.3mdv2009.0.i586.rpm
 98e66e07460821307d2f70dd4800c838 
 2009.0/i586/postfix-pcre-2.5.5-4.3mdv2009.0.i586.rpm
 aa53192429b7aed8d4289b51ec4cb09b 
 2009.0/i586/postfix-pgsql-2.5.5-4.3mdv2009.0.i586.rpm 
 4694f8539dc6c78b5883364643684771 
 2009.0/SRPMS/postfix-2.5.5-4.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f83ba1b1f9db1a605fef6ac14ace9c11 
 2009.0/x86_64/lib64postfix1-2.5.5-4.3mdv2009.0.x86_64.rpm
 b34609798fe6ec9afbf7df1b404ebfd9 
 2009.0/x86_64/postfix-2.5.5-4.3mdv2009.0.x86_64.rpm
 aa2faee590701df2c52c0c0a397fd328 
 2009.0/x86_64/postfix-ldap-2.5.5-4.3mdv2009.0.x86_64.rpm
 cec328a0b6fa68067f7a9d0ac93754e4 
 2009.0/x86_64/postfix-mysql-2.5.5-4.3mdv2009.0.x86_64.rpm
 64934922bb7cbd1601f86b33d9ebb47c 
 2009.0/x86_64/postfix-pcre-2.5.5-4.3mdv2009.0.x86_64.rpm
 0f615e0db5b697f14cbb365fbf08e257 
 2009.0/x86_64/postfix-pgsql-2.5.5-4.3mdv2009.0.x86_64.rpm 
 4694f8539dc6c78b5883364643684771 
 2009.0/SRPMS/postfix-2.5.5-4.3mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 5d798d385bbef67b5a9f944656fe8fff 
 2010.1/i586/libpostfix1-2.7.0-4.2mdv2010.2.i586.rpm
 9145ded79bd413536a3cea86c9e71b9f 
 2010.1/i586/postfix-2.7.0-4.2mdv2010.2.i586.rpm
 b8dd8213dc4db210faf214cb4c456b2d 
 2010.1/i586/postfix-cdb-2.7.0-4.2mdv2010.2.i586.rpm
 92c28b8d45d4db5489b6e710959cacc3 
 2010.1/i586/postfix-ldap-2.7.0-4.2mdv2010.2.i586.rpm
 fe5368cbe79376d793145901804d1092 
 2010.1/i586/postfix-mysql-2.7.0-4.2mdv2010.2.i586.rpm
 b3e62b3f5a8515b93eb7b5536a52f5fe 
 2010.1/i586/postfix-pcre-2.7.0-4.2mdv2010.2.i586.rpm
 a7ad1ed4b0307ae6260da4c2b9d822e8 
 2010.1/i586/postfix-pgsql-2.7.0-4.2mdv2010.2.i586.rpm 
 4681d51e9652432cfebbfd1bf2adcdd6 
 2010.1/SRPMS/postfix-2.7.0-4.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 f42fbb3f8144f31f2eba7eabbe6d8ad5 
 2010.1/x86_64/lib64postfix1-2.7.0-4.2mdv2010.2.x86_64.rpm
 7c92c86b7b4f975541e3f68afb2e2cf9 
 2010.1/x86_64/postfix-2.7.0-4.2mdv2010.2.x86_64.rpm
 73a46012559559677e38508107c2f21a 
 2010.1/x86_64/postfix-cdb-2.7.0-4.2mdv2010.2.x86_64.rpm
 f1f12686d4f173f586d7d12014c34cbd 
 2010.1/x86_64/postfix-ldap-2.7.0-4.2mdv2010.2.x86_64.rpm
 5e56411242773b0253f94cedc9feff42 
 2010.1/x86_64/postfix-mysql-2.7.0-4.2mdv2010.2.x86_64.rpm
 8d23a994589f508b4e602d8038d217cf 
 2010.1/x86_64/postfix-pcre-2.7.0-4.2mdv2010.2.x86_64.rpm
 17b5cb9a10eeb4159d4d490e949bb425 
 2010.1/x86_64/postfix-pgsql-2.7.0-4.2mdv2010.2.x86_64.rpm 
 4681d51e9652432cfebbfd1bf2adcdd6 
 2010.1/SRPMS/postfix-2.7.0-4.2mdv2010.2.src.rpm

 Corporate 4.0:
 c536b52f1378cb4a55971d82454d262b 
 corporate/4.0/i586/libpostfix1-2.3.5-0.5.20060mlcs4.i586.rpm
 02f8482473caae37dfae8cb968edaaa3 
 corporate/4.0/i586/postfix-2.3.5-0.5.20060mlcs4.i586.rpm
 39122dc26c31878a108cf72a87c12991 
 corporate/4.0/i586/postfix-ldap-2.3.5-0.5.20060mlcs4.i586.rpm
 d6fed1d55e5b2d2c90cb648cc22931e1 
 corporate/4.0/i586/postfix-mysql-2.3.5-0.5.20060mlcs4.i586.rpm
 23b476ccb4b5200b21d3dc7bcb1e6914 
 corporate/4.0/i586/postfix-pcre-2.3.5-0.5.20060mlcs4.i586.rpm
 8c8df6325509f7caa9268775a419c378 
 corporate/4.0/i586/postfix-pgsql-2.3.5-0.5.20060mlcs4.i586.rpm 
 e3379355ff572716b5b9bf2164df418d 
 corporate/4.0/SRPMS/postfix-2.3.5-0.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7a1c56854f3030fcc78d34810764057c 
 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.5.20060mlcs4.x86_64.rpm
 64d01272c055acc5268aa12ff0f8a10b 
 corporate/4.0/x86_64/postfix-2.3.5-0.5.20060mlcs4.x86_64.rpm
 00a4250ce0d4c56c85387dcca95fa19b 
 corporate/4.0/x86_64/postfix-ldap-2.3.5-0.5.20060mlcs4.x86_64.rpm
 04cca803fb70f5be040020d3d4681012 
 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.5.20060mlcs4.x86_64.rpm
 ed0b8a4b2f760e276682f6f7cc95099d 
 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.5.20060mlcs4.x86_64.rpm
 37c324de6183e06b7f60794067be77b2 
 corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.5.20060mlcs4.x86_64.rpm 
 e3379355ff572716b5b9bf2164df418d 
 corporate/4.0/SRPMS/postfix-2.3.5-0.5.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 11f008ad8c89ab4e640a3235649b64db 
 mes5/i586/libpostfix1-2.5.5-4.3mdvmes5.2.i586.rpm
 b6dee4eeaa6529d6c19e064073ca4bfd 
 mes5/i586/postfix-2.5.5-4.3mdvmes5.2.i586.rpm
 b629d951af5c059bec8b922f3d48de8b 
 mes5/i586/postfix-ldap-2.5.5-4.3mdvmes5.2.i586.rpm
 4e23142fa8be0fe036024b6721b86872 
 mes5/i586/postfix-mysql-2.5.5-4.3mdvmes5.2.i586.rpm
 e51571f2e700148d3bb75ee9236c66ba 
 mes5/i586/postfix-pcre-2.5.5-4.3mdvmes5.2.i586.rpm
 ccf639ecbcd748e41af6c18fcb83a138 
 mes5/i586/postfix-pgsql-2.5.5-4.3mdvmes5.2.i586.rpm 
 729ac6d22b6fd88f3aafa16695463e3b 
 mes5/SRPMS/postfix-2.5.5-4.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 752c0e249967550d1caa6e81ec755baa 
 mes5/x86_64/lib64postfix1-2.5.5-4.3mdvmes5.2.x86_64.rpm
 46aa5ec4e7bf18bcac028599294445d4 
 mes5/x86_64/postfix-2.5.5-4.3mdvmes5.2.x86_64.rpm
 2f4cf634db305c1dda1a2ac278861ee8 
 mes5/x86_64/postfix-ldap-2.5.5-4.3mdvmes5.2.x86_64.rpm
 959b62c6e4d198768d29bfc92540859e 
 mes5/x86_64/postfix-mysql-2.5.5-4.3mdvmes5.2.x86_64.rpm
 9e80f154a3a83c1c1585bb70c1657332 
 mes5/x86_64/postfix-pcre-2.5.5-4.3mdvmes5.2.x86_64.rpm
 738de86208f0979e091c24352ca4d818 
 mes5/x86_64/postfix-pgsql-2.5.5-4.3mdvmes5.2.x86_64.rpm 
 729ac6d22b6fd88f3aafa16695463e3b 
 mes5/SRPMS/postfix-2.5.5-4.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN0hVQmqjQ0CJFipgRAjEiAJ9C7+ACDr+I/i2Bm2NEfX34ujnsQgCdG++J
51W121JEcyzHEWKojcS07Go=
=EwJq
-----END PGP SIGNATURE-----


------------=_1305626050-2533-43
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1305626050-2533-43--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung