-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:045 http://www.mandriva.com/security/ _______________________________________________________________________ Package : postfix Date : March 16, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS (CVE-2011-0411). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html http://www.kb.cert.org/vuls/id/555316 http://www.securityfocus.com/archive/1/516901/30/0/threaded _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: eb607fe6834ded296aec54851a3bd56c 2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm 76a18eb7f7627ba5489137eb592d0c8b 2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm 61c70b9d189f68276601d724e8444d9f 2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm 24255918008338487798ea647860484e 2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm e4d4db07cb302b3072f78097f84e1b87 2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm ebd9879c9c773c3d57375809c696f517 2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 73053818f39aba0ee0bece7ab997b07c 2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm c0e3c04bfd70acc0ee09e7413b3a3400 2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm 435fe07232bf307882a1589bc1ccca22 2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm 4d1d018487d1c3328cd425d220136a6f 2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm e7bd9b102319bc1ed4cdda27edaf26e2 2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm 7051b04bff45730a0268c5b311361111 2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm Mandriva Linux 2010.0: f83a569908244de2e04f13c5e9cbc29a 2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm b28f60198223458fe7a8b9c92d9901c1 2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm 1572c433ec62d49970a250050da98ed7 2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm 2aeb9f3d82b97e4314b3f8d6500a244a 2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm 2d93c886dda73832ee8b96961e0cc316 2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm 544853ecd21ca236324418232b59d206 2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 0282b58fb34ab310a8e66cda1792da37 2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm 644f3b20cfed1b5e57ef53a7ef94898a 2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm 16b27a49a3dcae6fa520c3cb24b2f69b 2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm 9e60217b6e8adc9a0e286df835f9d695 2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm 8594b10f400395fff17ffda26e9e3b3d 2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm e63fb8c5794ce971488898af1d537f36 2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 19ee5b6c6a18c73ccf1d74e20f89759d 2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm 7a468df2b451f6972c38faf1f60ad8af 2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm a814f84c61afd93f3416c69d993afd7a 2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm f6f7f9492ab304d28f8aa4bfc653ca1e 2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm 8013bafd20881dd85b3be95529be848d 2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm 145c8551dc1c51b071d1f3f992f8e638 2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm 8f0d058eda66267085cbe5a7f5133b60 2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 0a9207a9e00cce2e656ff248513d5bc3 2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a 2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm c8c5efad63b597b3d3a0aec3c5027ffa 2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm 71d9a4095514c72494c4f02d2696b619 2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm 8865fea8796435b2d715bf0d89c4530f 2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm 784960a49889f3fce8a308842321d8e8 2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm dc50ccda7bfb1a1f7f673bc251f14683 2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm Corporate 4.0: 6b7d62433679d20ae3b5cdf2668019e7 corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm c5d4cbc67d00e0ea8b32c6598d6d65f0 corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm 287daadea040f15c1e25a6de77a438b2 corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm aac87a567ae68c48d4e8226429b35697 corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm c331a8061b0c5a6639c633d608e37871 corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm 25ce650233120a54e830c120f773f715 corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 45b683c80b3006c3df5144bfe0fede86 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm fc82cfcdbf89c059b6850edfa049128f corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm 7057754d88c8146d235d3ab96fd64d2f corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm 872c28155eb6276ba0fd1001387ffac7 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm 644747748d18077fc63aa740c2947768 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm 19b2a209beade7e6e25de6d0f3cb4b6d corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 9c50578bd954be2ea42e6f3f3131cc9c mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm bca22f9be6e6bef4e02f2ffb4623d2e3 mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm 45cfa7336d29cddca1ac07270d2b8287 mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm 87d4b942fefedc239a213b3ce5715cf0 mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm b3caf9572b69e757b9697139bb0ed5d8 mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm bde845f9957e2ead0e398c5bebef6f79 mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: d920df80c9fdbcb64a9c50d265acd7e8 mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm 1d09a25b69b76b2c013bac182c0e456d mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm 0afe348155bee4af965ec616d86a9219 mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm db4e476a96f489d957610fb1ff7c6f9e mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm 6ce0428271de05b3bb2d2e430c3281a3 mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm 32468daeee58b727ce1c85adcc2b364c mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNgKjqmqjQ0CJFipgRAvrzAJ9gJSdlaBzy7iwdgFmIfZkXv0IEKQCeP1ke vU25cnZhXdC1kp2Vc0S3c+I= =lOmR -----END PGP SIGNATURE-----