USN-4556-1: netqmail vulnerabilities

Releases

• Ubuntu 20.04 LTS

Packages

• netqmail - a secure, reliable, efficient, simple message transfer agent

Details

It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause netqmail
to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,
CVE-2005-1515)

It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this to bypass email
address validation. (CVE-2020-3811)

It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to
cause netqmail to disclose sensitive information. (CVE-2020-3812)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

• qmail - 1.06-6.2~deb10u1build0.20.04.1
• qmail-uids-gids - 1.06-6.2~deb10u1build0.20.04.1

In general, a standard system update will make all the necessary changes.

References

• CVE-2005-1513
• CVE-2005-1514
• CVE-2005-1515
• CVE-2020-3811
• CVE-2020-3812

Related notices

• USN-4621-1: netqmail, qmail-uids-gids, qmail