PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges theoretically, this error should never occur … Im not sure if theres a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postsrsd | Postsrsd_project | * | 1.11 (excluding) |
| Postsrsd | Ubuntu | bionic | * |
| Postsrsd | Ubuntu | devel | * |
| Postsrsd | Ubuntu | esm-apps/bionic | * |
| Postsrsd | Ubuntu | esm-apps/focal | * |
| Postsrsd | Ubuntu | esm-apps/jammy | * |
| Postsrsd | Ubuntu | esm-apps/noble | * |
| Postsrsd | Ubuntu | focal | * |
| Postsrsd | Ubuntu | groovy | * |
| Postsrsd | Ubuntu | hirsute | * |
| Postsrsd | Ubuntu | impish | * |
| Postsrsd | Ubuntu | jammy | * |
| Postsrsd | Ubuntu | kinetic | * |
| Postsrsd | Ubuntu | lunar | * |
| Postsrsd | Ubuntu | mantic | * |
| Postsrsd | Ubuntu | noble | * |
| Postsrsd | Ubuntu | oracular | * |
| Postsrsd | Ubuntu | plucky | * |
| Postsrsd | Ubuntu | questing | * |
| Postsrsd | Ubuntu | trusty | * |
| Postsrsd | Ubuntu | upstream | * |
| Postsrsd | Ubuntu | xenial | * |
References
- https://bugs.gentoo.org/793674
- https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
- https://github.com/roehling/postsrsd/releases/tag/1.11
- https://security.gentoo.org/glsa/202107-08
- https://bugs.gentoo.org/793674
- https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
- https://github.com/roehling/postsrsd/releases/tag/1.11
- https://security.gentoo.org/glsa/202107-08