Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
Conectiva has released advisory CLA-2003:717 with fixes to address this issue. Additional information is available in the referenced advisory. Fixes are linked below.
Debian has issued fixes. See advisory DSA-363-1 listed in the reference section for download locations.
SuSE has released advisory SuSE-SA:2003:033 with fixes to address this issue.
Mandrake has released advisory MDKSA-2003:081 with fixes to address this issue. Additional information is available in the referenced Mandrake Advisory.
Red Hat has released advisory RHSA-2003:251-01. Fix information may be gathered from the referenced advisory.
Guardian Digital has released an advisory (ESA-20030804-019) that provides updates for EnGarde Secure Linux. These updates may be applied automatically with the Guardian Digital WebTool. Please see the attached advisory for instructions on how to apply updates.
Trustix has released an advisory (TSLSA-2003-0029) that addresses this issue. Please see the attached advisory for details on obtaining and applying upgrades.
Vulnerable versions of the software can be fixed by upgrading to Postfix 1.1.13.
Wietse Venema Postfix 20011115
Wietse Venema Postfix 19991231
Wietse Venema Postfix 19990906
Wietse Venema Postfix 20010228
Wietse Venema Postfix 1.0.21
Wietse Venema Postfix 1.1.11
Wietse Venema Postfix 1.1.12
Conectiva Linux 7.0
Conectiva Linux 8.0