1 (edited by derchris 2011-03-08 21:24:24)

Topic: Bug in STARTTLS can run un-authorized code

Hi all,

there is a bug in STARTLS which can lead to running un-authorized code on the host

http://www.securityfocus.com/archive/1/ … 0/threaded

http://www.kb.cert.org/vuls/id/MORO-8ELH6Z

As far as I know it affects 2.7.3, but at the moment 2.7.1 is being used
Can you confirm if the postfix version used by iRedMail is affected or not?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Bug in STARTTLS can run un-authorized code

Most binary packages in iRedMail are installed from official software repositories of linux/bsd distribution, so you can simply wait for package update.