USN-74-1: Postfix vulnerability
4 February 2005
Postfix vulnerability
Releases
Details
Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
postfix
-
In general, a standard system update will make all the necessary changes.