==========================================================Ubuntu Security Notice USN-174-1 August 26, 2005
courier vulnerability CAN-2005-2151
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 0.47-3ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
A Denial of Service vulnerability has been discovered in the Courier
mail server. Due to a flawed status code check, failed DNS (domain
name service) queries for SPF (sender policy framework) were not
handled properly and could lead to memory corruption. A malicious DNS
server could exploit this to crash the Courier server.
However, SPF is not enabled by default, so you are only vulnerable if
you explicitly enabled it.
The Ubuntu 4.10 version of courier is not affected by this.