In association with heise online

3 September 2008, 11:50

Another security update for Postfix

The open source mail transfer agent Postfix has received another security update. The update is specifically for Postfix 2.4 and later running on Linux 2.6 kernels, where a denial of service vulnerability has been found. Just over two weeks have passed since the last security update for Postfix.

The issue is, according to the advisory, down to a leak in file descriptors in the epoll call when non-Postfix commands are executed from, for example, a user's .forward file. An attack could result in reduced performance or an automatic shutdown when internal safety mechanisms in Postfix detect a problem.

BSD and Solaris systems are unaffected by the issue because they use different mechanisms for high-speed I/O. A workaround is detailed in the advisory, and new versions of Postfix, 2.4.9, 2.5.5, and 2.6-20080902, are available on the Postfix site.
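
The descriptor leak described above belongs to a general class: a descriptor that is not marked close-on-exec stays open in any program the process goes on to execute. The C program below is an added illustration, not Postfix code and not taken from the advisory; the function names and the choice of `fcntl()` with `FD_CLOEXEC` as the remedy are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start /bin/sh via fork()+exec() and ask it to duplicate descriptor fd.
 * Returns 1 if fd is open in the executed program, 0 if not, -1 on error.
 * When fd is not open the shell prints "Bad file descriptor" to stderr. */
static int fd_survives_exec(int fd)
{
    char script[32];
    int status;
    pid_t pid;

    snprintf(script, sizeof script, ": <&%d", fd);  /* fails if fd is closed */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);                                 /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Create an epoll descriptor, optionally mark it close-on-exec, and
 * report whether an executed command inherits it. */
int epoll_fd_inherited(int set_cloexec)
{
    int r, ep = epoll_create(1);

    if (ep < 0)
        return -1;
    if (set_cloexec && fcntl(ep, F_SETFD, FD_CLOEXEC) < 0) {
        close(ep);
        return -1;
    }
    r = fd_survives_exec(ep);
    close(ep);
    return r;
}

int main(void)
{
    printf("default epoll fd inherited: %d\n", epoll_fd_inherited(0));
    printf("with FD_CLOEXEC inherited:  %d\n", epoll_fd_inherited(1));
    return 0;
}
```

On kernels that provide it, `epoll_create1(EPOLL_CLOEXEC)` sets the flag atomically at creation, which closes the window between creating the descriptor and marking it.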

(djwm)
