USN-6591-2

Source
https://ubuntu.com/security/notices/USN-6591-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6591-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6591-2
Related
Published
2024-01-31T13:34:03.357904Z
Modified
2024-01-31T13:34:03.357904Z
Summary
postfix update
Details

USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability.

We apologize for the inconvenience.

Original advisory details:

Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming.

Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html.

References

Affected packages

Ubuntu:Pro:14.04:LTS / postfix

Package

Name
postfix
Purl
pkg:deb/ubuntu/postfix?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.11.0-1ubuntu1.2+esm3

Affected versions

2.*

2.10.2-1
2.10.2-1build1
2.11.0-1
2.11.0-1ubuntu1
2.11.0-1ubuntu1.2
2.11.0-1ubuntu1.2+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-cdb"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-dev"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-doc"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-ldap"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-mysql"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-pcre"
        },
        {
            "binary_version": "2.11.0-1ubuntu1.2+esm3",
            "binary_name": "postfix-pgsql"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / postfix

Package

Name
postfix
Purl
pkg:deb/ubuntu/postfix?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.0-3ubuntu0.4+esm3

Affected versions

2.*

2.11.3-1ubuntu2
2.11.3-1ubuntu3

3.*

3.0.4-1ubuntu1
3.0.4-2
3.0.4-3
3.0.4-5
3.0.4-5build1
3.1.0-3
3.1.0-3ubuntu0.1
3.1.0-3ubuntu0.2
3.1.0-3ubuntu0.3
3.1.0-3ubuntu0.4
3.1.0-3ubuntu0.4+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-cdb"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-dev"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-doc"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-ldap"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-mysql"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-pcre"
        },
        {
            "binary_version": "3.1.0-3ubuntu0.4+esm3",
            "binary_name": "postfix-pgsql"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / postfix

Package

Name
postfix
Purl
pkg:deb/ubuntu/postfix?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0-1ubuntu0.4+esm3

Affected versions

3.*

3.2.3-1
3.2.3-1build1
3.2.4-1
3.2.5-1
3.2.5-1build1
3.3.0-1
3.3.0-1ubuntu0.1
3.3.0-1ubuntu0.2
3.3.0-1ubuntu0.3
3.3.0-1ubuntu0.4
3.3.0-1ubuntu0.4+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-cdb"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-cdb-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-doc"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-ldap"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-ldap-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-lmdb"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-lmdb-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-mysql"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-mysql-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-pcre"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-pcre-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-pgsql"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-pgsql-dbgsym"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-sqlite"
        },
        {
            "binary_version": "3.3.0-1ubuntu0.4+esm3",
            "binary_name": "postfix-sqlite-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / postfix

Package

Name
postfix
Purl
pkg:deb/ubuntu/postfix?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.13-0ubuntu1.4

Affected versions

3.*

3.4.5-1ubuntu1
3.4.7-1
3.4.7-2
3.4.8-1
3.4.9-1
3.4.10-1
3.4.10-1ubuntu1
3.4.13-0ubuntu1
3.4.13-0ubuntu1.1
3.4.13-0ubuntu1.2
3.4.13-0ubuntu1.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-cdb"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-cdb-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-doc"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-ldap"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-ldap-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-lmdb"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-lmdb-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-mysql"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-mysql-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-pcre"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-pcre-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-pgsql"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-pgsql-dbgsym"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-sqlite"
        },
        {
            "binary_version": "3.4.13-0ubuntu1.4",
            "binary_name": "postfix-sqlite-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / postfix

Package

Name
postfix
Purl
pkg:deb/ubuntu/postfix?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.4-1ubuntu1.3

Affected versions

3.*

3.5.6-1ubuntu2
3.5.13-1ubuntu1
3.5.13-1ubuntu2
3.5.13-1ubuntu3
3.6.3-4ubuntu1
3.6.3-5ubuntu1
3.6.3-5ubuntu2
3.6.4-1ubuntu1
3.6.4-1ubuntu1.1
3.6.4-1ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-cdb"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-cdb-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-doc"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-ldap"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-ldap-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-lmdb"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-lmdb-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-mysql"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-mysql-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-pcre"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-pcre-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-pgsql"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-pgsql-dbgsym"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-sqlite"
        },
        {
            "binary_version": "3.6.4-1ubuntu1.3",
            "binary_name": "postfix-sqlite-dbgsym"
        }
    ]
}

Ubuntu:23.10 / postfix

Package

Name
postfix
Purl
pkg:deb/ubuntu/postfix?arch=src?distro=mantic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.1-2ubuntu0.2

Affected versions

3.*

3.7.4-2build1
3.7.5-2
3.8.1-1
3.8.1-2
3.8.1-2ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-cdb"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-cdb-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-doc"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-ldap"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-ldap-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-lmdb"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-lmdb-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-mysql"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-mysql-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-pcre"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-pcre-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-pgsql"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-pgsql-dbgsym"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-sqlite"
        },
        {
            "binary_version": "3.8.1-2ubuntu0.2",
            "binary_name": "postfix-sqlite-dbgsym"
        }
    ]
}