Ubuntu Security Notice USN-174-1
26th August, 2005
courier vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
Details
A Denial of Service vulnerability has been discovered in the Courier
mail server. Due to a flawed status code check, failed DNS (domain
name service) queries for SPF (sender policy framework) were not
handled properly and could lead to memory corruption. A malicious DNS
server could exploit this to crash the Courier server.
However, SPF is not enabled by default, so you are only vulnerable if
you explicitly enabled it.
The Ubuntu 4.10 version of courier is not affected by this.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- courier-base
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None