Synopsis: Moderate: postfix security update
Issue date: 2011-04-06
CVE Names: CVE-2011-0411
It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands
into a victim's session during the plain text phase. This would lead to
those commands being processed by Postfix after TLS encryption is
enabled, possibly allowing the attacker to steal the victim's mail or
authentication credentials. (CVE-2011-0411)
After installing this update, the postfix service will be restarted
automatically.
SL 6.x
SRPMS:
postfix-2.6.6-2.1.el6_0.src.rpm
i386:
postfix-2.6.6-2.1.el6_0.i686.rpm
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm
x86_64:
postfix-2.6.6-2.1.el6_0.x86_64.rpm
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm
- Scientific Linux Development Team