Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 18.04/16.04: USN-4621-1 Moderate: Netqmail Input Handling Issues

ubuntu
Calendar Grey November 6, 2020
Dist Ubuntu Esm H88
The latest Ubuntu Security Notice USN-4621-1 highlights issues in netqmail, which could lead to system instability through specially designed inputs.
netqmail could be made to crash if it received specially crafted input.

Summary

netqmail could be made to crash if it received specially crafted

input.

Software Description:

- netqmail: a secure, reliable, efficient, simple message transfer agent

Details:

It was discovered that netqmail did not properly handle certain input. Both

remote and local attackers could use this vulnerability to cause netqmail

to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514,

CVE-2005-1515)

It was discovered that netqmail did not properly handle certain input when

validating email addresses. An attacker could use this to bypass email

address validation. (CVE-2020-3811)

It was discovered that netqmail did not properly handle certain input when

validating email addresses. An attacker could use this vulnerability to

cause netqmail to disclose sensitive information. (CVE-2020-3812)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  qmail                           1.06-6.2~deb10u1build0.18.04.1

Ubuntu 16.04 LTS:
  qmail                           1.06-6.2~deb10u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4621-1

CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811,

CVE-2020-3812

November 05, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here