In association with heise online

03 September 2008, 10:50

Another security update for Postfix


The open source mail transfer agent Postfix has received another security update. The update is specifically for Postfix 2.4 and later running on Linux 2.6 kernels, where a denial of service vulnerability has been found. Just over two weeks have passed since the last security update for Postfix.

According to the advisory, the issue is a file descriptor leak involving the epoll call when non-Postfix commands are executed from, for example, a user's .forward file. An attack could result in reduced performance or an automatic shutdown when internal safety mechanisms in Postfix detect a problem.

BSD and Solaris systems are unaffected by the issue because they use different mechanisms for high-speed I/O. A workaround is detailed in the advisory, and new versions of Postfix, 2.4.9, 2.5.5, and 2.6-20080902, are available on the Postfix site.
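
The class of leak described above, as an added Linux-only example that is not Postfix code and not the Postfix patch: an epoll descriptor opened without close-on-exec stays open in a command the process executes, while setting FD_CLOEXEC (the general defence for this class of bug) closes it at exec time. The function name, the use of /bin/sh as a stand-in for a .forward command, and the /proc check are assumptions of this example.

```c
/* Added example (Linux only, needs /proc): not code from Postfix. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the parent's epoll fd is still open inside the exec'd
 * command, 0 if it was closed on exec, -1 on a setup error. */
int epoll_fd_survives_exec(int set_cloexec)
{
    int epfd = epoll_create(1);   /* legacy call: close-on-exec is NOT set */
    if (epfd < 0)
        return -1;
    if (set_cloexec && fcntl(epfd, F_SETFD, FD_CLOEXEC) < 0) {
        close(epfd);
        return -1;
    }

    /* The command checks whether descriptor number epfd exists in itself. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "test -L /proc/self/fd/%d", epfd);

    pid_t pid = fork();
    if (pid < 0) {
        close(epfd);
        return -1;
    }
    if (pid == 0) {
        /* Hypothetical stand-in for a command run from a .forward file. */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);               /* exec itself failed */
    }

    int status;
    pid_t done = waitpid(pid, &status, 0);
    close(epfd);
    if (done < 0 || !WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status) == 0;   /* test exits 0 when the fd exists */
}

int main(void)
{
    printf("plain epoll fd inherited:      %d\n", epoll_fd_survives_exec(0));
    printf("FD_CLOEXEC epoll fd inherited: %d\n", epoll_fd_survives_exec(1));
    return 0;
}
```

On kernels and C libraries that provide it, epoll_create1(EPOLL_CLOEXEC) sets the flag atomically at creation and avoids the window between epoll_create and fcntl.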
