USN-4621-1: netqmail vulnerabilities
5 November 2020
netqmail could be made to crash if it received specially crafted input.
Releases
Packages
- netqmail - a secure, reliable, efficient, simple message transfer agent
Details
It was discovered that netqmail did not properly handle certain input. Both
remote and local attackers could use this vulnerability to cause netqmail
to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,
CVE-2005-1515)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this to bypass email
address validation. (CVE-2020-3811)
It was discovered that netqmail did not properly handle certain input when
validating email addresses. An attacker could use this vulnerability to
cause netqmail to disclose sensitive information. (CVE-2020-3812)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.