*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
We are getting a result back from a PCI scan indicating that our Postfix
server on Lucid is vulnerable to CVE-2012-4929 on port 25.
As far as I can tell, there is no option to shut off TLS compression in
either postfix or the SSL packages.
Description: Ubuntu 10.04.4 LTS
Release: 10.04
houstod@jjnb-mail-v-00:~$ apt-cache policy postfix
postfix:
  Installed: 2.7.0-1ubuntu0.2
  Candidate: 2.7.0-1ubuntu0.2
  Version table:
 *** 2.7.0-1ubuntu0.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
        100 /var/lib/dpkg/status
     2.7.0-1 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
I would expect to be able to turn off compression somehow, but this does
not seem to be an option.
** Affects: postfix (Ubuntu)
Importance: Undecided
Status: New
--
Postfix in Lucid server vulnerable to CVE-2012-4929
https://bugs.launchpad.net/bugs/1173357