SUSE-RU-2019:2792-1: moderate: Recommended update for postfix

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Oct 28 14:13:45 MDT 2019


   SUSE Recommended Update: Recommended update for postfix
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:2792-1
Rating:             moderate
References:         #1142881 #1146231 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be
   installed.

Description:

   This update for postfix fixes the following issues:

   Postfix was updated to the new minor release 3.2.10, bringing bugfixes and
   some new features. (bsc#1146231 jsc#ECO-296 jsc#SLE-9800)

   Version update to 3.2.10:

   - Starting with Postfix 3.2.5, this software is distributed with a dual
     license: in addition to the historical IBM Public License 1.0, it is now
     also distributed with the more recent Eclipse Public License 2.0.
     Recipients can choose to take the software under the license of their
     choice.

   Other changes and features:

   * This release introduces a workaround for implementations that hang
     Postfix while shutting down a TLS session, until Postfix times out. With
     "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits
     for a remote TLS peer to respond to a TLS 'close' request. This behavior
     is recommended with TLSv1.0 and later. Specify "tls_fast_shutdown_enable
     = no" to get historical Postfix behavior.
   * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed
     to send email to some sites with "TLSA 2 X X" DNS records associated
     with an intermediate CA certificate. Problem report and initial fix by
     Erwan Legrand.
   * Missing dynamicmaps support in the Postfix sendmail command. This broke
     authorized_submit_users settings that use a dynamically-loaded map type.
     Problem reported by Ulrich Zehl.
   * Extension propagation was broken with "recipient_delimiter = .". This
     change reverts a change that was trying to be too clever.
   * The postqueue command would abort with a panic message after it
     experienced an output write error while listing the mail queue. This
     change restores a write error check that was lost with the Postfix 3.2
     rewrite of the vbuf_print formatter.
   * Restored sanity checks for dynamically-specified width and precision in
     format strings (%*, %.*, and %*.*). These checks were lost with the
     Postfix 3.2 rewrite of the vbuf_print formatter.
   * Security: Berkeley DB versions 2 and later try to read settings from a
     file DB_CONFIG in the current directory. This undocumented feature may
     introduce undisclosed vulnerabilities resulting in privilege escalation
     with Postfix set-gid programs (postdrop, postqueue) before they chdir to
     the Postfix queue directory, and with the postmap and postalias commands
     depending on whether the user's current directory is writable by other
     users. This fix does not change Postfix behavior for Berkeley DB
     versions < 3, but it does reduce postmap and postalias 'create'
     performance with Berkeley DB versions 3.0 .. 4.6.
   * The SMTP server receive_override_options were not restored at the end of
     an SMTP session, after the options were modified by an smtpd_milter_maps
     setting of "DISABLE". Milter support remained disabled for the life time
     of the smtpd process.
   * After the Postfix 3.2 address/domain table lookup overhaul, the
     check_sender_access and check_recipient_access features ignored a
     non-default parent_domain_matches_subdomains setting.

   - mkpostfixcert from Postfix still uses md5 (bsc#1142881)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2792=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2792=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2792=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2792=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2792=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      postfix-debuginfo-3.2.10-3.21.2
      postfix-debugsource-3.2.10-3.21.2
      postfix-devel-3.2.10-3.21.2

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      postfix-debuginfo-3.2.10-3.21.2
      postfix-debugsource-3.2.10-3.21.2
      postfix-devel-3.2.10-3.21.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      postfix-3.2.10-3.21.2
      postfix-debuginfo-3.2.10-3.21.2
      postfix-debugsource-3.2.10-3.21.2
      postfix-mysql-3.2.10-3.21.2
      postfix-mysql-debuginfo-3.2.10-3.21.2

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      postfix-doc-3.2.10-3.21.2

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      postfix-3.2.10-3.21.2
      postfix-debuginfo-3.2.10-3.21.2
      postfix-debugsource-3.2.10-3.21.2
      postfix-mysql-3.2.10-3.21.2
      postfix-mysql-debuginfo-3.2.10-3.21.2

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      postfix-doc-3.2.10-3.21.2

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      postfix-3.2.10-3.21.2
      postfix-debuginfo-3.2.10-3.21.2
      postfix-debugsource-3.2.10-3.21.2


References:

   https://bugzilla.suse.com/1142881
   https://bugzilla.suse.com/1146231



More information about the sle-updates mailing list