CVE-2023-51764: SMTP smuggling
Bug #2049337 reported by
Olaf Meeuwissen
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| postfix (Ubuntu) |
Fix Released
|
Undecided
|
Allen Huang | ||
Bug Description
I noticed this by way of a Debian stable update announcement and upgrade my Debian machines on 2024-01-10. Looking for an update for my Ubuntu 22.04LTS hosts I didn't find any.
Please address this security issue.
Links:
- https:/
- https:/
PS: According to the Postfix URL, exim and sendmail are also affected so you might want to look into that as well.
CVE References
| information type: | Private Security → Public Security |
| Changed in postfix (Ubuntu): | |
| assignee: | nobody → Allen Huang (allenpthuang) |
| status: | New → In Progress |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in postfix (Ubuntu): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in postfix (Ubuntu): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in postfix (Ubuntu): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This bug was fixed in the package postfix - 3.8.1-2ubuntu0.1
---------------
postfix (3.8.1-2ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/
`
the Postfix SMTP server disconnects a remote SMTP client that
sends a line ending in a 'bare newline'.
- CVE-2023-51764
-- Allen Huang <email address hidden> Fri, 19 Jan 2024 12:30:34 +0000