- Vulnerability/
- USN-6591-2
USN-6591-2: Postfix update
First published: Wed Jan 31 2024(Updated: )
USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory details: Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/postfix | <3.8.1-2ubuntu0.2 | 3.8.1-2ubuntu0.2 |
| Ubuntu Ubuntu | =23.10 | |
| All of | ||
| ubuntu/postfix | <3.6.4-1ubuntu1.3 | 3.6.4-1ubuntu1.3 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/postfix | <3.4.13-0ubuntu1.4 | 3.4.13-0ubuntu1.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/postfix | <3.3.0-1ubuntu0.4+esm3 | 3.3.0-1ubuntu0.4+esm3 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/postfix | <3.1.0-3ubuntu0.4+esm3 | 3.1.0-3ubuntu0.4+esm3 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/postfix | <2.11.0-1ubuntu1.2+esm3 | 2.11.0-1ubuntu1.2+esm3 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-51764
- https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337
- https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2050834
- https://ubuntu.com/security/notices/USN-6591-1
- https://launchpad.net/ubuntu/+source/postfix/3.8.1-2ubuntu0.2
- https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3
- https://launchpad.net/ubuntu/+source/postfix/3.4.13-0ubuntu1.4
- https://ubuntu.com/security/notices/USN-6591-2 (Advisory)
- collector/usn
- source/Ubuntu
- anchor-related/USN-6591-1
- agent/software-canonical-lookup
- agent/severity
- agent/title
- agent/last-modified-date
- agent/references
- agent/type
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04