Release Info

Advisory: CLSA-2025:1738267482

OS: AlmaLinux 9.2 ESU

Public date: 2025-01-30 15:04:45

Project: postfix

Version: 3.5.9-19.el9.tuxcare.els1

Errata link: https://errata.tuxcare.com/almalinux9.2-esu/CLSA-2025-1738267482.html

Changelog

- CVE-2023-51764: Improvements for inbound SMTP smuggling defense. Reject or restrict input lines from an SMTP client that end in bare new line. Replace each stray <CR> or <LF> character in message content with a space character, to prevent outbound SMTP smuggling To prevent the SMTP smuggling vulnerability, the option "smtpd_forbid_bare_newline = reject" must be set.

Update

Update command: dnf update postfix*

Packages list

postfix-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-cdb-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-ldap-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-lmdb-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-mysql-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-pcre-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-perl-scripts-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-pgsql-3.5.9-19.el9.tuxcare.els1.x86_64.rpm postfix-sqlite-3.5.9-19.el9.tuxcare.els1.x86_64.rpm

CVEs

CVE-2023-51764