
858 matches found

Slackware Linux
added 2024/01/22 9:2 p.m., 12 views

[slackware-security] postfix

New postfix packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/postfix-3.6.14-i586-1_slack15.0.txz: Upgraded. Security inbound SMTP smuggling: with "smtpd_forbid_bare_newline = normalize" default "no...

7.4 AI score
Exploits: 0

Ubuntu
added 2024/01/22 12:35 p.m., 49 views

USN-6591-1: Postfix vulnerability

Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address...

5.3 CVSS, 5.7 AI score, 0.02598 EPSS
Exploits: 4, References: 1

OSV
added 2024/01/22 12:35 p.m., 1 views

USN-6591-1 postfix vulnerability

Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address...

5.3 CVSS, 6 AI score, 0.02598 EPSS
Exploits: 4, References: 3

Tenable Nessus
added 2024/01/22 12:0 a.m., 27 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Postfix vulnerability (USN-6591-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6591-1 advisory. Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly u...

5.3 CVSS, 5.7 AI score, 0.02598 EPSS
Exploits: 4, References: 2

Amazon
added 2024/01/22 12:0 a.m., 3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3 CVSS, 6.7 AI score, 0.02598 EPSS
Exploits: 4

Amazon
added 2024/01/22 12:0 a.m., 3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3 CVSS, 6.8 AI score, 0.02598 EPSS
Exploits: 4

Amazon
added 2024/01/22 12:0 a.m., 6 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3 CVSS, 6.8 AI score, 0.02598 EPSS
Exploits: 4

Amazon
added 2024/01/22 12:0 a.m., 52 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3 CVSS, 5.4 AI score, 0.02598 EPSS
Exploits: 4

Tenable Nessus
added 2024/01/22 12:0 a.m., 40 views

CBL Mariner 2.0 Security Update: postfix (CVE-2023-51764)

The version of postfix installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-51764 advisory. - Postfix through 3.8.5 allows SMTP smuggling unless configured with...

5.3 CVSS, 5.7 AI score, 0.02598 EPSS
Exploits: 4, References: 2

Tenable Nessus
added 2024/01/22 12:0 a.m., 9 views

Slackware Linux 15.0 / current postfix Vulnerability (SSA:2024-022-01)

The version of postfix installed on the remote host is prior to 3.6.14 / 3.8.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-022-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits: 0, References: 1

CBLMariner
added 2024/01/19 3:54 a.m., 19 views

CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3

CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3. A patched version of the package is available...

5.3 CVSS, 5.3 AI score, 0.02598 EPSS
Exploits: 4

OpenVAS
added 2024/01/18 12:0 a.m., 16 views

Fedora: Security Advisory (FEDORA-2024-c839e7294f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 5.3 AI score, 0.02598 EPSS
Exploits: 4, References: 5

OpenVAS
added 2024/01/18 12:0 a.m., 11 views

Fedora: Security Advisory for postfix (FEDORA-2024-5c186175f2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 5.3 AI score, 0.02598 EPSS
Exploits: 4, References: 2

CERT
added 2024/01/16 12:0 a.m., 61 views

SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies

Overview: A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...

5.3 CVSS, 6.3 AI score, 0.02598 EPSS
Exploits: 6, References: 5

Fedora
added 2024/01/11 2:17 a.m., 27 views

[SECURITY] Fedora 38 Update: postfix-3.7.9-1.fc38

Postfix is a Mail Transport Agent (MTA)...

5.3 CVSS, 7.3 AI score, 0.02598 EPSS
Exploits: 4

Fedora
added 2024/01/11 1:17 a.m., 30 views

[SECURITY] Fedora 39 Update: postfix-3.8.4-1.fc39

Postfix is a Mail Transport Agent (MTA)...

5.3 CVSS, 7.3 AI score, 0.02598 EPSS
Exploits: 4

OpenVAS
added 2024/01/10 12:0 a.m., 14 views

Postfix SMTP Smuggling Vulnerability (Dec 2023)

Postfix is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postfix:postfix"; ifdescripti...

5.3 CVSS, 5.1 AI score, 0.02598 EPSS
Exploits: 4, References: 11

Tenable Nessus
added 2024/01/10 12:0 a.m., 24 views

Fedora 38 : postfix (2024-5c186175f2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.3 CVSS, 5.7 AI score, 0.02598 EPSS
Exploits: 4, References: 2

BDU FSTEC
added 2024/01/10 12:0 a.m., 2 views

The vulnerability of the Postfix mail server’s smtpd service allows attackers to circumvent security restrictions and carry out email substitution attacks (type of SMTP Smuggling attack).

The vulnerability of the Postfix mail server’s smtp daemon is related to insufficient verification of data authenticity when processing line endings other than . Exploiting this vulnerability allows a malicious actor to bypass security restrictions and replace emails a type of SMTP smuggling atta...

5.3 CVSS, 5.9 AI score, 0.02598 EPSS
Exploits: 4, References: 16, Affected Software: 6

Tenable Nessus
added 2024/01/10 12:0 a.m., 23 views

Fedora 39 : postfix (2024-c839e7294f)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c839e7294f advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.3 CVSS, 5.7 AI score, 0.02598 EPSS
Exploits: 4, References: 2