
[VUA 17-1] Updated postgrey package fixes denial of service



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 17-1     http://volatile.debian.net
debian-volatile@lists.debian.org                         Martin Zobel-Helas
July 24th, 2006                           
- ---------------------------------------------------------------------------

Package              : postgrey
Version              : 1.21-1volatile4
Importance           : high
CVE IDs              : CVE-2005-1127

Peter Bieringer discovered that postgrey, a greylisting implementation
for Postfix, allows remote attackers to cause a denial of service
(crash) via format string specifiers that are not properly handled
before being sent to syslog. 

The security issue does not apply to users who updated
libnet-server-perl to version 0.87-3sarge1 from security.debian.org.

Additionally the whitelist of postgrey has been updated.

For sarge, an updated postgrey package is available in sarge/volatile
as version 1.21-1volatile4.


Upgrade Instructions
- --------------------

You can get the updated packages at

http://volatile.debian.net/debian-volatile/pool/volatile/main/p/postgrey/

and install them with dpkg, or add

 deb http://volatile.debian.net/debian-volatile sarge/volatile main
 deb-src http://volatile.debian.net/debian-volatile sarge/volatile main


to your /etc/apt/sources.list. You can also use any of our mirrors.
Please see http://www.debian.org/devel/debian-volatile/volatile-mirrors for
the full list of mirrors.  The archive signing key can be downloaded from
http://volatile.debian.net/ziyi-sarge.asc

For further information about debian-volatile, please refer to
http://volatile.debian.net/ and http://www.debian.org/devel/debian-volatile/.

If there are any issues, please don't hesitate to get in touch with the
volatile team.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFExP4ZST77jl1k+HARApVnAJ0fXj6RTpy1jljKJGUUQQSFDzTgjQCfd+Sr
7qPotVSeHGa8ycX0bVrP8f4=
=Ewe7
-----END PGP SIGNATURE-----


