Wrong security audit for mail/postfix ?
olli hauer
ohauer at gmx.de
Mon May 11 08:36:05 UTC 2015
On May 11, 2015 9:38:46 AM CEST, Cristiano Deana <cristiano.deana at gmail.com> wrote:
> Hi,
>
> this morning I got for my mailservers
>
> # pkg audit
> postfix-2.11.4,1 is vulnerable:
> postfix -- plaintext command injection with SMTP over TLS
> CVE: CVE-2011-0411
> WWW:
> http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html
>
> postfix-2.11.4,1 is vulnerable:
> Postfix -- memory corruption vulnerability
> CVE: CVE-2011-1720
> WWW:
> http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html
>
> But this is a bug from 2011, and it's blocking new install or updates
> of postfix packages.
>
> Who should be warned of this?
>
> Thank you.
Hi Cristiano,
this should be fixed.meanwhile.
Please run the command
# pkg audit -F
--
Regards,
olli
More information about the freebsd-security
mailing list