SUSE-RU-2019:2792-1: moderate: Recommended update for postfix
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Mon Oct 28 14:13:45 MDT 2019
SUSE Recommended Update: Recommended update for postfix
______________________________________________________________________________
Announcement ID: SUSE-RU-2019:2792-1
Rating: moderate
References: #1142881 #1146231
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for postfix fixes the following issues:
Postfix was updated to the new minor release 3.2.10, bringing bugfixes and
some new features. (bsc#1146231 jsc#ECO-296 jsc#SLE-9800)
Version update to 3.2.10:
- Starting with Postfix 3.2.5, this software is distributed with a dual
license: in addition to the historical IBM Public License 1.0, it is now
also distributed with the more recent Eclipse Public License 2.0.
Recipients can choose to take the software under the license of their
choice.
Other changes and features:
* This release introduces a workaround for implementations that hang
Postfix while shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits
for a remote TLS peer to respond to a TLS 'close' request. This behavior
is recommended with TLSv1.0 and later. Specify "tls_fast_shutdown_enable
= no" to get historical Postfix behavior.
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed
to send email to some sites with "TLSA 2 X X" DNS records associated
with an intermediate CA certificate. Problem report and initial fix by
Erwan Legrand.
* Missing dynamicmaps support in the Postfix sendmail command. This broke
authorized_submit_users settings that use a dynamically-loaded map type.
Problem reported by Ulrich Zehl.
* Extension propagation was broken with "recipient_delimiter = .". This
change reverts a change that was trying to be too clever.
* The postqueue command would abort with a panic message after it
experienced an output write error while listing the mail queue. This
change restores a write error check that was lost with the Postfix 3.2
rewrite of the vbuf_print formatter.
* Restored sanity checks for dynamically-specified width and precision in
format strings (%*, %.*, and %*.*). These checks were lost with the
Postfix 3.2 rewrite of the vbuf_print formatter.
* Security: Berkeley DB versions 2 and later try to read settings from a
file DB_CONFIG in the current directory. This undocumented feature may
introduce undisclosed vulnerabilities resulting in privilege escalation
with Postfix set-gid programs (postdrop, postqueue) before they chdir to
the Postfix queue directory, and with the postmap and postalias commands
depending on whether the user's current directory is writable by other
users. This fix does not change Postfix behavior for Berkeley DB
versions < 3, but it does reduce postmap and postalias 'create'
performance with Berkeley DB versions 3.0 .. 4.6.
* The SMTP server receive_override_options were not restored at the end of
an SMTP session, after the options were modified by an smtpd_milter_maps
setting of "DISABLE". Milter support remained disabled for the life time
of the smtpd process.
* After the Postfix 3.2 address/domain table lookup overhaul, the
check_sender_access and check_recipient_access features ignored a
non-default parent_domain_matches_subdomains setting.
- mkpostfixcert from Postfix still uses md5 (bsc#1142881)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2792=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2792=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2792=1
- SUSE Linux Enterprise Server 12-SP4:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2792=1
- SUSE Linux Enterprise Desktop 12-SP4:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2792=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
postfix-debuginfo-3.2.10-3.21.2
postfix-debugsource-3.2.10-3.21.2
postfix-devel-3.2.10-3.21.2
- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
postfix-debuginfo-3.2.10-3.21.2
postfix-debugsource-3.2.10-3.21.2
postfix-devel-3.2.10-3.21.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
postfix-3.2.10-3.21.2
postfix-debuginfo-3.2.10-3.21.2
postfix-debugsource-3.2.10-3.21.2
postfix-mysql-3.2.10-3.21.2
postfix-mysql-debuginfo-3.2.10-3.21.2
- SUSE Linux Enterprise Server 12-SP5 (noarch):
postfix-doc-3.2.10-3.21.2
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
postfix-3.2.10-3.21.2
postfix-debuginfo-3.2.10-3.21.2
postfix-debugsource-3.2.10-3.21.2
postfix-mysql-3.2.10-3.21.2
postfix-mysql-debuginfo-3.2.10-3.21.2
- SUSE Linux Enterprise Server 12-SP4 (noarch):
postfix-doc-3.2.10-3.21.2
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
postfix-3.2.10-3.21.2
postfix-debuginfo-3.2.10-3.21.2
postfix-debugsource-3.2.10-3.21.2
References:
https://bugzilla.suse.com/1142881
https://bugzilla.suse.com/1146231
More information about the sle-updates
mailing list