security fixes

Gavin McCullagh gavin.mccullagh at gcd.ie
Thu May 26 18:36:56 CEST 2011


Hi guys,

I don't mean to be a pain, but has anyone got an answer on this.  It's
pretty important to us and I imagine other users.

Gavin

On Wed, 11 May 2011, Gavin McCullagh wrote:

> Hi,
> 
> there have been several security bugs in Postfix recently (and I believe
> there was one in Cyrus).  I realise Kolab is a small operation, but I've
> not seen much in the way of security disclosures.  
> 
> I see these, the last one of which was 16 months ago. 
> 
> http://www.kolab.org/security/kolab-vendor-notice-27.txt
> 
> Is that really the last security flaw in the kolab distribution?
> 
> Gavin
> 
> ----- Forwarded message from Marc Deslauriers <marc.deslauriers at canonical.com> -----
> 
> From: Marc Deslauriers <marc.deslauriers at canonical.com>
> Subject: [USN-1131-1] Postfix vulnerability
> To: ubuntu-security-announce at lists.ubuntu.com
> Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
> Date: Wed, 11 May 2011 05:54:37 -0400
> Reply-To: ubuntu-users at lists.ubuntu.com, Ubuntu Security <security at ubuntu.com>
> 
> ==========================================================================
> Ubuntu Security Notice USN-1131-1
> May 11, 2011
> 
> postfix vulnerability
> ==========================================================================
> 
> A security issue affects these releases of Ubuntu and its derivatives:
> 
> - Ubuntu 11.04
> - Ubuntu 10.10
> - Ubuntu 10.04 LTS
> - Ubuntu 8.04 LTS
> - Ubuntu 6.06 LTS
> 
> Summary:
> 
> An attacker could send crafted input to Postfix and cause it to crash or
> run programs.
> 
> Software Description:
> - postfix: High-performance mail transport agent
> 
> Details:
> 
> Thomas Jarosch discovered that Postfix incorrectly handled authentication
> mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used.
> A remote attacker could use this to cause Postfix to crash, leading to a
> denial of service, or possibly execute arbitrary code as the postfix user.
> 
> Update instructions:
> 
> The problem can be corrected by updating your system to the following
> package versions:
> 
> Ubuntu 11.04:
>   postfix                         2.8.2-1ubuntu2.1
> 
> Ubuntu 10.10:
>   postfix                         2.7.1-1ubuntu0.2
> 
> Ubuntu 10.04 LTS:
>   postfix                         2.7.0-1ubuntu0.2
> 
> Ubuntu 8.04 LTS:
>   postfix                         2.5.1-2ubuntu1.4
> 
> Ubuntu 6.06 LTS:
>   postfix                         2.2.10-1ubuntu0.4
> 
> In general, a standard system update will make all the necessary changes.
> 
> References:
>   CVE-2011-1720
> 
> Package Information:
>   https://launchpad.net/ubuntu/+source/postfix/2.8.2-1ubuntu2.1
>   https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.2
>   https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.2
>   https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.4
>   https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.4
> 
> 
> 
> 
> 
> -- 
> ubuntu-security-announce mailing list
> ubuntu-security-announce at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
> 
> 
> ----- End forwarded message -----
> 
> -- 
> Gavin McCullagh
> Senior System Administrator
> IT Services
> Griffith College 
> South Circular Road
> Dublin 8
> Ireland
> Tel: +353 1 4163365
> http://www.gcd.ie
> http://www.gcd.ie/brochure.pdf
> http://www.gcd.ie/opendays
> http://www.gcd.ie/ebrochure
> 
> This E-mail is from Griffith College.
> The E-mail and any files transmitted with it are confidential and may be
> privileged and are intended solely for the use of the individual or entity
> to whom they are addressed. If you are not the addressee you are prohibited
> from disclosing its content, copying it or distributing it otherwise than to
> the addressee. If you have received this e-mail in error, please immediately
> notify the sender by replying to this e-mail and delete the e-mail from your
> computer.
> 
> Bellerophon Ltd, trades as Griffith College (registered in Ireland No.
> 60469) with its registered address as Griffith College Campus, South
> Circular Road, Dublin 8, Ireland.
> 
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users

-- 
Gavin McCullagh
Senior System Administrator
IT Services
Griffith College 
South Circular Road
Dublin 8
Ireland
Tel: +353 1 4163365
http://www.gcd.ie
http://www.gcd.ie/brochure.pdf
http://www.gcd.ie/opendays
http://www.gcd.ie/ebrochure

This E-mail is from Griffith College.
The E-mail and any files transmitted with it are confidential and may be
privileged and are intended solely for the use of the individual or entity
to whom they are addressed. If you are not the addressee you are prohibited
from disclosing its content, copying it or distributing it otherwise than to
the addressee. If you have received this e-mail in error, please immediately
notify the sender by replying to this e-mail and delete the e-mail from your
computer.

Bellerophon Ltd, trades as Griffith College (registered in Ireland No.
60469) with its registered address as Griffith College Campus, South
Circular Road, Dublin 8, Ireland.




More information about the users mailing list