Red Hat Product Errata RHSA-2011:0423 - Security Advisory
Issued:
2011-04-06
Updated:
2011-04-06

RHSA-2011:0423 - Security Advisory

Synopsis

Moderate: postfix security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated postfix packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands into
a victim's session during the plain text phase. This would lead to those
commands being processed by Postfix after TLS encryption is enabled,
possibly allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-0411)

Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The
CERT/CC acknowledges Wietse Venema as the original reporter.

Users of Postfix are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the postfix service will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

  • BZ - 674814 - CVE-2011-0411 postfix: SMTP commands injection during plaintext to TLS session switch

Red Hat Enterprise Linux Server 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
i386
postfix-2.6.6-2.1.el6_0.i686.rpm SHA-256: 6303720a0921eba36ed544b3a0dc73d3f92fc6473a65d232595b30c375510440
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm SHA-256: a9f5f5eec877f673cc2f9eb86429b4bf4f626cabdd84607bbd38dc8a84c77e0e

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
i386
postfix-2.6.6-2.1.el6_0.i686.rpm SHA-256: 6303720a0921eba36ed544b3a0dc73d3f92fc6473a65d232595b30c375510440
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm SHA-256: a9f5f5eec877f673cc2f9eb86429b4bf4f626cabdd84607bbd38dc8a84c77e0e

Red Hat Enterprise Linux Workstation 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
i386
postfix-2.6.6-2.1.el6_0.i686.rpm SHA-256: 6303720a0921eba36ed544b3a0dc73d3f92fc6473a65d232595b30c375510440
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm SHA-256: a9f5f5eec877f673cc2f9eb86429b4bf4f626cabdd84607bbd38dc8a84c77e0e

Red Hat Enterprise Linux Desktop 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
i386
postfix-2.6.6-2.1.el6_0.i686.rpm SHA-256: 6303720a0921eba36ed544b3a0dc73d3f92fc6473a65d232595b30c375510440
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm SHA-256: a9f5f5eec877f673cc2f9eb86429b4bf4f626cabdd84607bbd38dc8a84c77e0e

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
s390x
postfix-2.6.6-2.1.el6_0.s390x.rpm SHA-256: ff0b037e0ba14ff56ea961090bc5105a66bf4f7624680bacf00d7a4c39401e2c
postfix-debuginfo-2.6.6-2.1.el6_0.s390x.rpm SHA-256: f331d78b550edec1e07830f7aff598c64cf51fb1acfcba519f28aa125b3b31ce
postfix-debuginfo-2.6.6-2.1.el6_0.s390x.rpm SHA-256: f331d78b550edec1e07830f7aff598c64cf51fb1acfcba519f28aa125b3b31ce
postfix-perl-scripts-2.6.6-2.1.el6_0.s390x.rpm SHA-256: 791a63e30f79eedc3d6a22143c448b588fb9a29c53b8680699fa62487627e550

Red Hat Enterprise Linux for Power, big endian 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
ppc64
postfix-2.6.6-2.1.el6_0.ppc64.rpm SHA-256: eb6554efb96e66c9ab193e1bd1395f293aaf16d732a350ab511befd60053ffb7
postfix-debuginfo-2.6.6-2.1.el6_0.ppc64.rpm SHA-256: 8dd6c3470143f5c18ff25c7c71e19f36d4ee6ca794ccc3248534c00b084f5e84
postfix-debuginfo-2.6.6-2.1.el6_0.ppc64.rpm SHA-256: 8dd6c3470143f5c18ff25c7c71e19f36d4ee6ca794ccc3248534c00b084f5e84
postfix-perl-scripts-2.6.6-2.1.el6_0.ppc64.rpm SHA-256: e8c759fe5574c05f01bf1f8492c232f79f25e4559abd4f2e48ee72c1b1798975

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27

Red Hat Enterprise Linux Server from RHUI 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
i386
postfix-2.6.6-2.1.el6_0.i686.rpm SHA-256: 6303720a0921eba36ed544b3a0dc73d3f92fc6473a65d232595b30c375510440
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm SHA-256: a9f5f5eec877f673cc2f9eb86429b4bf4f626cabdd84607bbd38dc8a84c77e0e

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
s390x
postfix-2.6.6-2.1.el6_0.s390x.rpm SHA-256: ff0b037e0ba14ff56ea961090bc5105a66bf4f7624680bacf00d7a4c39401e2c
postfix-debuginfo-2.6.6-2.1.el6_0.s390x.rpm SHA-256: f331d78b550edec1e07830f7aff598c64cf51fb1acfcba519f28aa125b3b31ce
postfix-debuginfo-2.6.6-2.1.el6_0.s390x.rpm SHA-256: f331d78b550edec1e07830f7aff598c64cf51fb1acfcba519f28aa125b3b31ce
postfix-perl-scripts-2.6.6-2.1.el6_0.s390x.rpm SHA-256: 791a63e30f79eedc3d6a22143c448b588fb9a29c53b8680699fa62487627e550

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
x86_64
postfix-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: c39c9a38bd5f1fbbfe718e4b836111daeb7a616ae13e3f0695c045243e8993ea
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-debuginfo-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: 93cc02220cf7b4371eb95051ce2ca45ec9b66250734da7151b7efa783061bdc3
postfix-perl-scripts-2.6.6-2.1.el6_0.x86_64.rpm SHA-256: e9f7d0ef719d5d403913ddd50e7c07c182a9b0cb94c217a753ea2be061a72d27
i386
postfix-2.6.6-2.1.el6_0.i686.rpm SHA-256: 6303720a0921eba36ed544b3a0dc73d3f92fc6473a65d232595b30c375510440
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-debuginfo-2.6.6-2.1.el6_0.i686.rpm SHA-256: bc48c955c37071456134e8ee948b1029e73d34277c58d90842ea0d459c1a93a3
postfix-perl-scripts-2.6.6-2.1.el6_0.i686.rpm SHA-256: a9f5f5eec877f673cc2f9eb86429b4bf4f626cabdd84607bbd38dc8a84c77e0e

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6

SRPM
postfix-2.6.6-2.1.el6_0.src.rpm SHA-256: 9e9d046d00443a1e7a8bc34f692588d290408da1a4ab3625278f57f496c95928
s390x
postfix-2.6.6-2.1.el6_0.s390x.rpm SHA-256: ff0b037e0ba14ff56ea961090bc5105a66bf4f7624680bacf00d7a4c39401e2c
postfix-debuginfo-2.6.6-2.1.el6_0.s390x.rpm SHA-256: f331d78b550edec1e07830f7aff598c64cf51fb1acfcba519f28aa125b3b31ce
postfix-debuginfo-2.6.6-2.1.el6_0.s390x.rpm SHA-256: f331d78b550edec1e07830f7aff598c64cf51fb1acfcba519f28aa125b3b31ce
postfix-perl-scripts-2.6.6-2.1.el6_0.s390x.rpm SHA-256: 791a63e30f79eedc3d6a22143c448b588fb9a29c53b8680699fa62487627e550

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.