1 (edited by derchris 2011-03-08 21:24:24)

Topic: Bug in STARTTLS can run un-authorized code

Hi all,

there is a bug in STARTLS which can lead to running un-authorized code on the host

http://www.securityfocus.com/archive/1/ … 0/threaded

http://www.kb.cert.org/vuls/id/MORO-8ELH6Z

As far as I know it affects 2.7.3, but at the moment 2.7.1 is being used
Can you confirm if the postfix version used by iRedMail is affected or not?

2

Re: Bug in STARTTLS can run un-authorized code

Most binary packages in iRedMail are installed from official software repositories of linux/bsd distribution, so you can simply wait for package update.