U radu programskog paketa Postfix, za Fedoru 13 i 14, otkriven je novi sigurnosni propust. Riječ je o poslužitelju za prosljeđivanje i dostavu poruka elektroničke pošte. Problem nastaje u nepravilnom ograničavanju I/O (eng. Input/Output) međupohrane što omogućuje udaljenim napadačima ubacivanje proizvoljnih naredbi u SMTP sjednicu te krađu korisničkih podataka izvođenjem MITM (eng. Man-In-The-Middle) napada. Svim se korisnicima ranjivog paketa preporuča primjena novih, poboljšanih inačica programskog paketa u svrhu rješavanja spomenutog problema.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3394
2011-03-15 21:10:39
--------------------------------------------------------------------------------
Name : postfix
Product : Fedora 14
Version : 2.7.3
Release : 1.fc14
URL : http://www.postfix.org
Summary : Postfix Mail Transport Agent
Description :
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
TLS
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes the CVE-2011-0411 and other bugs.
For more details about the CVE-2011-0411 see:
http://www.postfix.org/CVE-2011-0411.html
For full list of changes see changelog that is available from:
http://www.postfix.org/download.html
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 13 2011 Jaroslav Å karvada <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2:2.7.3-1
- update to 2.7.3
fixes CVE-2011-0411 (#683168)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #674814 - CVE-2011-0411 postfix: SMTP commands injection during
plaintext to TLS session switch
https://bugzilla.redhat.com/show_bug.cgi?id=674814
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update postfix' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3355
2011-03-15 21:08:59
--------------------------------------------------------------------------------
Name : postfix
Product : Fedora 13
Version : 2.7.3
Release : 1.fc13
URL : http://www.postfix.org
Summary : Postfix Mail Transport Agent
Description :
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
TLS
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes the CVE-2011-0411 and other bugs.
For more details about the CVE-2011-0411 see:
http://www.postfix.org/CVE-2011-0411.html
For full list of changes see changelog that is available from:
http://www.postfix.org/download.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 14 2011 Jaroslav Å karvada <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2:2.7.3-1
- update to 2.7.3
fixes CVE-2011-0411 (#683168)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #674814 - CVE-2011-0411 postfix: SMTP commands injection during
plaintext to TLS session switch
https://bugzilla.redhat.com/show_bug.cgi?id=674814
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update postfix' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke