Pardus alert 2011-84 (postfix)
| From: | Meltem Parmaksız <meltem@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2011-84] postfix: Heap-Based Buffer Overread | |
| Date: | Tue, 21 Jun 2011 16:08:54 +0300 | |
| Message-ID: | <201106211608.54339.meltem@pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-84 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-06-21 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in postfix, which allows remote attackers to cause a denial of service . Description =========== CVE-2011-1720: The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain yrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. Affected packages: Pardus 2009: postfix, all before 2.6.10-26-7 Resolution ========== There are update(s) for postfix. You can update them via Package Manager or with a single command from console: pisi up postfix References ========== * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720 * http://bugs.pardus.org.tr/show_bug.cgi?id=18281 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security