Univention Bugzilla – Bug 57030
postfix: Multiple issues (5.0)
Last modified: 2024-02-07 12:10:19 CET
New Debian postfix 3.4.23-0+deb10u2 fixes:

This update addresses the following issue:

3.4.23-0+deb10u2 (Sun, 28 Jan 2024 13:40:18 +0000)

[Bastien Roucariès]
* Non-maintainer upload by the LTS Security Team.
* Allow to build with kernel from backport

[Wietse Venema]
* Fix CVE-2023-51764: Postfix allowed SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.
--- mirror/ftp/pool/main/p/postfix/postfix_3.4.23-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/postfix_3.4.23-0+deb10u2.dsc @@ -1,3 +1,20 @@ +3.4.23-0+deb10u2 [Sun, 28 Jan 2024 13:40:18 +0000] Bastien Roucariès <rouca@debian.org>: + + [Bastien Roucariès] + + * Non-maintainer upload by the LTS Security Team. + * Allow to build with kernel from backport + + [Wietse Venema] + + * Fix CVE-2023-51764: Postfix allowed SMTP smuggling + unless configured with + smtpd_data_restrictions=reject_unauth_pipelining and + smtpd_discard_ehlo_keywords=chunking. + Remote attackers can use a published exploitation technique + to inject e-mail messages with a spoofed MAIL FROM address, + allowing bypass of an SPF protection mechanism. + 3.4.23-0+deb10u1 [Fri, 07 Jan 2022 11:04:17 -0500] Scott Kitterman <scott@kitterman.com>: [Scott Kitterman] <http://piuparts.knut.univention.de/5.0-6/#5774657638468728130>
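Review bot: The added CVE-2023-51764 entry names the two settings that prevented smuggling before the fix (smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking), but it does not say whether the patched package is protected with its default configuration or whether an administrator still has to change main.cf after upgrading. The erratum text should state this explicitly, so operators can tell whether installing the update alone closes the issue.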
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-6] 5ed3d12e9a Bug #57030: postfix 3.4.23-0+deb10u2
 doc/errata/staging/postfix.yaml | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

[5.0-6] 32cda99265 Bug #57030: postfix 3.4.23-0+deb10u2
 doc/errata/staging/postfix.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x951>
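The changelog entry above names two main.cf settings as the configuration under which Postfix did not allow smuggling. The following is an added example, not part of the bug report or of Postfix or UCS, that checks a main.cf text for both settings. The function names and sample configurations are constructed; it assumes case-insensitive matching, and it does not expand `$parameter` references or look at master.cf overrides.

```python
import re

# The two settings the changelog entry names (compared case-insensitively).
REQUIRED = {
    "smtpd_data_restrictions": "reject_unauth_pipelining",
    "smtpd_discard_ehlo_keywords": "chunking",
}

def parse_main_cf(text):
    """Return {parameter: value}: '#' and blank lines are skipped, leading
    whitespace continues a logical line, the last definition wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def missing_mitigations(text):
    """List the 'parameter=value' pairs from REQUIRED that text does not set."""
    params = parse_main_cf(text)
    missing = []
    for name, needed in REQUIRED.items():
        # List values are separated by commas and/or whitespace.
        items = [v.lower() for v in re.split(r"[,\s]+", params.get(name, "")) if v]
        if needed not in items:
            missing.append(f"{name}={needed}")
    return missing

# Constructed sample configurations, not taken from any real host.
SAMPLE_OK = """\
# constructed example
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_discard_ehlo_keywords = silent-discard, CHUNKING
"""
SAMPLE_WEAK = "smtpd_data_restrictions = reject_unauth_pipelining\nsmtpd_data_restrictions = permit\n"

if __name__ == "__main__":
    print(missing_mitigations(SAMPLE_OK), missing_mitigations(SAMPLE_WEAK))
```

In `SAMPLE_WEAK` the second definition of `smtpd_data_restrictions` replaces the first, so both settings are reported as missing.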