Ubuntu Security Notice USN-74-1
4th February, 2005
postfix vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Jean-Samuel Reynaud noticed a programming error in the IPv6 handling
code of Postfix when /proc/net/if_inet6 is not available (which is the
case in Ubuntu since Postfix runs in a chroot). If "permit_mx_backup"
was enabled in the "smtpd_recipient_restrictions", Postfix turned into
an open relay, i. e. erroneously permitted the delivery of arbitrary
mail to any MX host which has an IPv6 address.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- postfix
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None