1 Topic by derchris (edited by derchris 2011-03-08 21:24:24)

  • derchris
  • Member
  • Offline
  • Registered: 2010-03-15
  • Posts: 53

Topic: Bug in STARTTLS can run un-authorized code

Hi all,

there is a bug in STARTLS which can lead to running un-authorized code on the host

http://www.securityfocus.com/archive/1/ … 0/threaded

http://www.kb.cert.org/vuls/id/MORO-8ELH6Z

As far as I know it affects 2.7.3, but at the moment 2.7.1 is being used
Can you confirm if the postfix version used by iRedMail is affected or not?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,787

Re: Bug in STARTTLS can run un-authorized code

Most binary packages in iRedMail are installed from official software repositories of linux/bsd distribution, so you can simply wait for package update.