Description
postfix-mta-sts-resolver Algorithm Downgrade vulnerability
Incorrect query parsing
Impact
All users of versions prior to 0.5.1 can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy.
Patches
The problem has been patched in version 0.5.1.
Workarounds
Users may remediate this vulnerability without upgrading by applying these patches to older supported versions.
For more information
If you have any questions or comments about this advisory:
- Open an issue in the postfix-mta-sts-resolver repo
- Email me at vladislav at vm-0 dot com
References
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
- https://nvd.nist.gov/vuln/detail/CVE-2019-16791
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b
- https://github.com/pypa/advisory-database/tree/main/vulns/postfix-mta-sts-resolver/PYSEC-2020-174.yaml
Packages
- postfix-mta-sts-resolver: affected versions < 0.5.1, fixed in 0.5.1
Related vulnerabilities
In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy.