UbuntuUpdates.org

Package "postfix"

Name: postfix

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • LMDB map support for Postfix
  • SQLite map support for Postfix

Latest version: 3.6.4-1ubuntu1.3
Release: jammy (22.04)
Level: updates
Repository: universe

Links



Other versions of "postfix" in Jammy

Repository Area Version
base universe 3.6.4-1ubuntu1
base main 3.6.4-1ubuntu1
security main 3.6.4-1ubuntu1.3
security universe 3.6.4-1ubuntu1.3
updates main 3.6.4-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.6.4-1ubuntu1.3 2024-01-31 16:10:03 UTC

  postfix (3.6.4-1ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764-2.patch: improved fix with reduced
      risks of regression. Introduced
      "smtpd_forbid_bare_newline = normalize".
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Mon, 29 Jan 2024 16:02:43 +0800

Source diff to previous version
2049337 CVE-2023-51764: SMTP smuggling
CVE-2023-51764 Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=c

Version: 3.6.4-1ubuntu1.2 2024-01-22 15:07:08 UTC

  postfix (3.6.4-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: SMTP smuggling (LP: #2049337)
    - debian/patches/CVE-2023-51764.patch: introduced
      `smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
       the Postfix SMTP server disconnects a remote SMTP client that
       sends a line ending in a 'bare newline'.
    - CVE-2023-51764

 -- Allen Huang <email address hidden> Tue, 16 Jan 2024 15:11:43 +0000

Source diff to previous version
2049337 CVE-2023-51764: SMTP smuggling
CVE-2023-51764 Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=c

Version: 3.6.4-1ubuntu1.1 2023-04-19 17:23:02 UTC

  postfix (3.6.4-1ubuntu1.1) jammy; urgency=medium

  * d/p/1995312-unexpected-eof-fix.patch: Workaround for a breaking
    change in OpenSSL 3: always turn on SSL_OP_IGNORE_UNEXPECTED_EOF,
    to avoid warning messages and missed opportunities for TLS
    session reuse. This is safe because the SMTP protocol implements
    application-level framing, and is therefore not affected
    by TLS truncation attacks. Fix by Viktor Dukhovni (LP: #1995312).
  * d/p/1996524-Linux6-support.patch: Adding LINUX6 support for
    portability (LP: #1996524).

 -- Miriam EspaƱa Acebal <email address hidden> Mon, 10 Apr 2023 13:35:27 +0200

1995312 postfix dovecot tls error
1996524 Unknown system type: Linux 6



About   -   Send Feedback to @ubuntu_updates