CVE-2023-51764: SMTP smuggling
Bug #2049337 reported by Olaf Meeuwissen
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
postfix (Ubuntu) | Fix Released | Undecided | Allen Huang |
Bug Description
I noticed this by way of a Debian stable update announcement and upgraded my Debian machines on 2024-01-10. Looking for an update for my Ubuntu 22.04 LTS hosts I didn't find any.
Please address this security issue.
Links:
- https:/
- https:/
PS: According to the Postfix URL, exim and sendmail are also affected so you might want to look into that as well.
CVE References
information type: | Private Security → Public Security |
Changed in postfix (Ubuntu): | |
assignee: | nobody → Allen Huang (allenpthuang) |
status: | New → In Progress |
This bug was fixed in the package postfix - 3.8.1-2ubuntu0.1
---------------
postfix (3.8.1-2ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: SMTP smuggling (LP: #2049337)
- debian/patches/CVE-2023-51764.patch: introduced `smtpd_forbid_bare_newline`. With "smtpd_forbid_bare_newline = yes",
the Postfix SMTP server disconnects a remote SMTP client that
sends a line ending in a 'bare newline'.
- CVE-2023-51764
-- Allen Huang <email address hidden> Fri, 19 Jan 2024 12:30:34 +0000
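
The check described in the changelog above, modelled in Python as an added example; it is not part of the bug report or the Postfix patch. The function names and the sample byte strings are assumptions made for illustration.

```python
# Added example: a model of the bare-newline check, not Postfix source code.
# find_bare_newlines() and should_disconnect() are hypothetical names.

def find_bare_newlines(stream: bytes) -> list[tuple[int, bytes]]:
    """Return (offset of LF, line content) for each line ending in a bare LF."""
    findings = []
    start = 0
    while (lf := stream.find(b"\n", start)) != -1:
        # A compliant SMTP line ends in CR LF; an LF with no CR before it is "bare".
        if lf == 0 or stream[lf - 1] != 0x0D:
            findings.append((lf, stream[start:lf]))
        start = lf + 1
    return findings


def should_disconnect(stream: bytes, forbid_bare_newline: bool) -> bool:
    """Mirror the documented behaviour: drop the client only when the setting is on."""
    return forbid_bare_newline and bool(find_bare_newlines(stream))


# Constructed sample input (not captured traffic).
WELL_FORMED = b"Subject: test\r\nline one\r\nline two\r\n.\r\n"
MIXED_ENDINGS = b"Subject: test\r\nline one\nline two\r\n.\r\n"

if __name__ == "__main__":
    for name, data in (("well-formed", WELL_FORMED), ("mixed", MIXED_ENDINGS)):
        hits = find_bare_newlines(data)
        verdict = "disconnect" if should_disconnect(data, True) else "accept"
        print(name, "bare LF at", [off for off, _ in hits], "->", verdict)
```

The same function can be run over a saved raw message or session capture to see whether a sending client emits bare newlines before the setting is turned on for it.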