-----------------------------------------------------------------------
Debian Stable Updates Announcement SUA 249-1 https://www.debian.org
debian-release@lists.debian.org Scott Kitterman
December 29th, 2023
-----------------------------------------------------------------------
Package : postfix
Version : 3.7.9-0+deb12u1 [bookworm]
: 3.5.23-0+deb11u1 [bullseye]
Importance : medium
Postfix is a high-performance mail transport agent.
This update consists of recommended upstream bug fixes since the versions
in bullseye and bookworm. In particular, a fix for CVE-2023-51764 (SMTP
smuggling) requires a configuration change to take full effect.
The configuration change is not done automatically to avoid causing issues
with existing installations. Users should consult the relevant Postfix
documentation [1] before setting "smtpd_forbid_bare_newline = yes" in the
main.cf file.
1: https://www.postfix.org/smtp-smuggling.html
Upgrade Instructions
--------------------
You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:
deb https://deb.debian.org/debian bookworm-updates main
deb-src https://deb.debian.org/debian bookworm-updates main
or
deb https://deb.debian.org/debian bullseye-updates main
deb-src https://deb.debian.org/debian bullseye-updates main
You can also use any of the Debian archive mirrors. See
https://www.debian.org/mirrors/list for the full list of mirrors.
For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: PGP signature