thr3ads.net - freebsd security - Wrong security audit for mail/postfix ? [May 2015]

If this information is useful, please help other people find it:
Share via:

Cristiano Deana

2015-May-11 07:38 UTC

Wrong security audit for mail/postfix ?

Hi,

this morning I got for my mailservers

 # pkg audit
postfix-2.11.4,1 is vulnerable:
postfix -- plaintext command injection with SMTP over TLS
CVE: CVE-2011-0411
WWW: http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html

postfix-2.11.4,1 is vulnerable:
Postfix -- memory corruption vulnerability
CVE: CVE-2011-1720
WWW: http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html

But this is a bug from 2011, and it's blocking new install or updates
of postfix packages.

Who should be warned of this?

Thank you.

-- 
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/

olli hauer

2015-May-11 08:35 UTC

head link

Wrong security audit for mail/postfix ?

On May 11, 2015 9:38:46 AM CEST, Cristiano Deana <cristiano.deana at
gmail.com> wrote:> Hi,
> 
> this morning I got for my mailservers
> 
>  # pkg audit
> postfix-2.11.4,1 is vulnerable:
> postfix -- plaintext command injection with SMTP over TLS
> CVE: CVE-2011-0411
> WWW:
> http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html
> 
> postfix-2.11.4,1 is vulnerable:
> Postfix -- memory corruption vulnerability
> CVE: CVE-2011-1720
> WWW:
> http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html
> 
> But this is a bug from 2011, and it's blocking new install or updates
> of postfix packages.
> 
> Who should be warned of this?
> 
> Thank you.
Hi Cristiano,

this should be fixed.meanwhile.

Please run the command 
# pkg audit -F

-- 
Regards,
olli

freebsd security - May 2015 - Wrong security audit for mail/postfix ?

Wrong security audit for mail/postfix ?

Wrong security audit for mail/postfix ?