- Vulnerability/
- USN-6591-1
USN-6591-1: Postfix vulnerability
First published: Mon Jan 22 2024(Updated: )
Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/postfix | <3.8.1-2ubuntu0.1 | 3.8.1-2ubuntu0.1 |
| Ubuntu | =23.10 | |
| All of | ||
| ubuntu/postfix | <3.6.4-1ubuntu1.2 | 3.6.4-1ubuntu1.2 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/postfix | <3.4.13-0ubuntu1.3 | 3.4.13-0ubuntu1.3 |
| Ubuntu | =20.04 | |
| All of | ||
| ubuntu/postfix | <3.3.0-1ubuntu0.4+esm2 | 3.3.0-1ubuntu0.4+esm2 |
| Ubuntu | =18.04 | |
| All of | ||
| ubuntu/postfix | <3.1.0-3ubuntu0.4+esm2 | 3.1.0-3ubuntu0.4+esm2 |
| Ubuntu | =16.04 | |
| All of | ||
| ubuntu/postfix | <2.11.0-1ubuntu1.2+esm2 | 2.11.0-1ubuntu1.2+esm2 |
| Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-51764
- https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337
- https://ubuntu.com/security/notices/USN-6591-2
- https://launchpad.net/ubuntu/+source/postfix/3.8.1-2ubuntu0.1
- https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.2
- https://launchpad.net/ubuntu/+source/postfix/3.4.13-0ubuntu1.3
- https://ubuntu.com/security/notices/USN-6591-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-6591-1?
The severity of USN-6591-1 is categorized as potentially high due to the risk of email authentication bypass, allowing domain spoofing.
How do I fix USN-6591-1?
To fix USN-6591-1, update the Postfix package to the latest version according to your Ubuntu distribution.
Which versions of Postfix are affected by USN-6591-1?
USN-6591-1 affects Postfix versions prior to 3.8.1-2ubuntu0.1 for Ubuntu 23.10, as well as several other earlier versions.
What is the impact of USN-6591-1 if not addressed?
If not addressed, USN-6591-1 could allow remote attackers to impersonate trusted email domains and potentially conduct spam operations.
Is there a workaround for USN-6591-1?
While the best practice is to update Postfix, you may consider adjusting email settings to mitigate the effects of this vulnerability.
- agent/last-modified-date
- agent/title
- agent/severity
- agent/type
- agent/event
- agent/first-publish-date
- agent/description
- agent/references
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-6591-2
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/23.10
- version/ubuntu/22.04
- version/ubuntu/20.04
- version/ubuntu/18.04
- version/ubuntu/16.04
- version/ubuntu/14.04