SCIENTIFIC-LINUX-ERRATA Archives

April 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Sender: Security Errata for Scientific Linux
Date: Thu, 7 Apr 2011 10:50:59 -0500
Reply-To: Troy Dawson
From: Troy Dawson

Synopsis:	Moderate: postfix security update
Issue date:	2011-04-06
CVE Names:	CVE-2011-0411

It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands 
into a victim's session during the plain text phase. This would lead to 
those commands being processed by Postfix after TLS encryption is 
enabled, possibly allowing the attacker to steal the victim's mail or 
authentication credentials. (CVE-2011-0411)

After installing this update, the postfix service will be restarted 
automatically.

SL 6.x

      SRPMS:
postfix-2.6.6-2.1.el6_0.src.rpm
      i386:
postfix-2.6.6-2.1.el6_0.i686.rpm
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm
      x86_64:
postfix-2.6.6-2.1.el6_0.x86_64.rpm
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm

- Scientific Linux Development Team
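
The buffering flaw described in the advisory, as an added example that is not part of the original message and is not Postfix source code: a toy receive buffer is processed once without and once with a flush at the switch to TLS. The struct, the function names and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of an SMTP server receive buffer (illustrative, not Postfix source). */
struct session {
    char buf[256];  /* bytes read from the socket but not yet parsed */
    size_t len;
    int tls;        /* set once the session has switched to TLS */
};

/* Pop one CRLF-terminated command into out; return 0 when none is buffered. */
static int next_command(struct session *s, char *out, size_t outsz) {
    for (size_t i = 0; i + 1 < s->len; i++) {
        if (s->buf[i] != '\r' || s->buf[i + 1] != '\n') continue;
        size_t n = i < outsz - 1 ? i : outsz - 1;
        memcpy(out, s->buf, n);
        out[n] = '\0';
        s->len -= i + 2;
        memmove(s->buf, s->buf + i + 2, s->len);
        return 1;
    }
    return 0;
}

/* Feed plaintext bytes from one network read, process them, and count
 * commands that arrived before TLS but were executed after it was enabled. */
int plaintext_commands_run_under_tls(const char *wire, int flush_on_tls) {
    struct session s = {0};
    char cmd[128];
    int count = 0;
    s.len = strlen(wire) < sizeof s.buf ? strlen(wire) : sizeof s.buf;
    memcpy(s.buf, wire, s.len);
    while (next_command(&s, cmd, sizeof cmd)) {
        if (s.tls) {
            count++;                  /* treated as if it came over TLS */
        } else if (strcmp(cmd, "STARTTLS") == 0) {
            if (flush_on_tls) s.len = 0;  /* the fix: discard pre-TLS leftovers */
            s.tls = 1;
        }
    }
    return count;
}

int main(void) {
    /* Constructed input: a command follows STARTTLS in the same plaintext read. */
    const char *wire = "EHLO client.example\r\nSTARTTLS\r\nNOOP\r\n";
    printf("no flush: %d\n", plaintext_commands_run_under_tls(wire, 0));
    printf("flush:    %d\n", plaintext_commands_run_under_tls(wire, 1));
    return 0;
}
```

A non-zero count without the flush is the condition the update removes: input that was never protected by TLS is handled as though it had been.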