security fixes

Skip Morse skipmorse at gmail.com
Thu May 26 18:38:54 CEST 2011


I second that, I don't have an answer, but I'm interested too.

Thanks
-Skip

On Thu, May 26, 2011 at 9:36 AM, Gavin McCullagh <gavin.mccullagh at gcd.ie> wrote:
> Hi guys,
>
> I don't mean to be a pain, but has anyone got an answer on this?  It's
> pretty important to us and I imagine other users.
>
> Gavin
>
> On Wed, 11 May 2011, Gavin McCullagh wrote:
>
>> Hi,
>>
>> there have been several security bugs in Postfix recently (and I believe
>> there was one in Cyrus).  I realise Kolab is a small operation, but I've
>> not seen much in the way of security disclosures.
>>
>> I see these, the last one of which was 16 months ago.
>>
>> http://www.kolab.org/security/kolab-vendor-notice-27.txt
>>
>> Is that really the last security flaw in the kolab distribution?
>>
>> Gavin
>>
>> ----- Forwarded message from Marc Deslauriers <marc.deslauriers at canonical.com> -----
>>
>> From: Marc Deslauriers <marc.deslauriers at canonical.com>
>> Subject: [USN-1131-1] Postfix vulnerability
>> To: ubuntu-security-announce at lists.ubuntu.com
>> Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
>> Date: Wed, 11 May 2011 05:54:37 -0400
>> Reply-To: ubuntu-users at lists.ubuntu.com, Ubuntu Security <security at ubuntu.com>
>>
>> ==========================================================================
>> Ubuntu Security Notice USN-1131-1
>> May 11, 2011
>>
>> postfix vulnerability
>> ==========================================================================
>>
>> A security issue affects these releases of Ubuntu and its derivatives:
>>
>> - Ubuntu 11.04
>> - Ubuntu 10.10
>> - Ubuntu 10.04 LTS
>> - Ubuntu 8.04 LTS
>> - Ubuntu 6.06 LTS
>>
>> Summary:
>>
>> An attacker could send crafted input to Postfix and cause it to crash or
>> run programs.
>>
>> Software Description:
>> - postfix: High-performance mail transport agent
>>
>> Details:
>>
>> Thomas Jarosch discovered that Postfix incorrectly handled authentication
>> mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used.
>> A remote attacker could use this to cause Postfix to crash, leading to a
>> denial of service, or possibly execute arbitrary code as the postfix user.
>>
>> Update instructions:
>>
>> The problem can be corrected by updating your system to the following
>> package versions:
>>
>> Ubuntu 11.04:
>>   postfix                         2.8.2-1ubuntu2.1
>>
>> Ubuntu 10.10:
>>   postfix                         2.7.1-1ubuntu0.2
>>
>> Ubuntu 10.04 LTS:
>>   postfix                         2.7.0-1ubuntu0.2
>>
>> Ubuntu 8.04 LTS:
>>   postfix                         2.5.1-2ubuntu1.4
>>
>> Ubuntu 6.06 LTS:
>>   postfix                         2.2.10-1ubuntu0.4
>>
>> In general, a standard system update will make all the necessary changes.
>>
>> References:
>>   CVE-2011-1720
>>
>> Package Information:
>>   https://launchpad.net/ubuntu/+source/postfix/2.8.2-1ubuntu2.1
>>   https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.2
>>   https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.2
>>   https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.4
>>   https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.4
>>
>>
>>
>>
>>
>> --
>> ubuntu-security-announce mailing list
>> ubuntu-security-announce at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>>
>>
>> ----- End forwarded message -----
>>
>> --
>> Gavin McCullagh
>> Senior System Administrator
>> IT Services
>> Griffith College
>> South Circular Road
>> Dublin 8
>> Ireland
>> Tel: +353 1 4163365
>> http://www.gcd.ie
>> http://www.gcd.ie/brochure.pdf
>> http://www.gcd.ie/opendays
>> http://www.gcd.ie/ebrochure
>>
>> This E-mail is from Griffith College.
>> The E-mail and any files transmitted with it are confidential and may be
>> privileged and are intended solely for the use of the individual or entity
>> to whom they are addressed. If you are not the addressee you are prohibited
>> from disclosing its content, copying it or distributing it otherwise than to
>> the addressee. If you have received this e-mail in error, please immediately
>> notify the sender by replying to this e-mail and delete the e-mail from your
>> computer.
>>
>> Bellerophon Ltd, trades as Griffith College (registered in Ireland No.
>> 60469) with its registered address as Griffith College Campus, South
>> Circular Road, Dublin 8, Ireland.
>>
>> _______________________________________________
>> Kolab-users mailing list
>> Kolab-users at kolab.org
>> https://kolab.org/mailman/listinfo/kolab-users
>



