Slackware Local Security Checks : Slackware: Security Advisory (SSA:2024-022-01)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.13.2024.022.01

Category: Slackware Local Security Checks

Title: Slackware: Security Advisory (SSA:2024-022-01)

Summary: The remote host is missing an update for the 'postfix' package(s) announced via the SSA:2024-022-01 advisory.

Description: Summary:
The remote host is missing an update for the 'postfix' package(s) announced via the SSA:2024-022-01 advisory.

Vulnerability Insight:
New postfix packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/postfix-3.6.14-i586-1_slack15.0.txz: Upgraded.
Security (inbound SMTP smuggling): with 'smtpd_forbid_bare_newline
= normalize' (default 'no' for Postfix < 3.9), the Postfix
SMTP server requires the standard End-of-DATA sequence
., and otherwise allows command or message
content lines ending in the non-standard , processing
them as if the client sent the standard .
The alternative setting, 'smtpd_forbid_bare_newline = reject'
will reject any command or message that contains a bare
, and is more likely to cause problems with legitimate
clients.
For backwards compatibility, local clients are excluded by
default with 'smtpd_forbid_bare_newline_exclusions =
$mynetworks'.
For more information, see:
[link moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'postfix' package(s) on Slackware 15.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.13.2024.022.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2024-022-01)
Summary:	The remote host is missing an update for the 'postfix' package(s) announced via the SSA:2024-022-01 advisory.
Description:	Summary: The remote host is missing an update for the 'postfix' package(s) announced via the SSA:2024-022-01 advisory. Vulnerability Insight: New postfix packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/postfix-3.6.14-i586-1_slack15.0.txz: Upgraded. Security (inbound SMTP smuggling): with 'smtpd_forbid_bare_newline = normalize' (default 'no' for Postfix < 3.9), the Postfix SMTP server requires the standard End-of-DATA sequence ., and otherwise allows command or message content lines ending in the non-standard , processing them as if the client sent the standard . The alternative setting, 'smtpd_forbid_bare_newline = reject' will reject any command or message that contains a bare , and is more likely to cause problems with legitimate clients. For backwards compatibility, local clients are excluded by default with 'smtpd_forbid_bare_newline_exclusions = $mynetworks'. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'postfix' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2024 Greenbone AG