libspf2 Vulnerability [from another list...]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

libspf2 Vulnerability [from another list...]

Victor Duchovni

All libspf2 users should read this post by Dan Kaminsky, and upgrade  
libspf2 to 1.2.8 as soon as possible:

http://www.doxpara.com/?p=1263

Just in case anyone asks, and not surprisingly, the DNS code in Postfix
has no such lapses.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: libspf2 Vulnerability [from another list...]

Scott Kitterman-4
On Tue, 21 Oct 2008 23:59:00 -0400 Victor Duchovni
<[hidden email]> wrote:
>
>All libspf2 users should read this post by Dan Kaminsky, and upgrade  
>libspf2 to 1.2.8 as soon as possible:
>
>http://www.doxpara.com/?p=1263
>
FWIW, the Ubuntu libspf2 packages for all releases have been patched to
correct the buffer overflow mentioned in the article and 1.2.8 will be
included in the next release.  There is also a patched version for Debian
Lenny published and one for Etch is imminent.

Scott K