Package: postfix
Version: 3.3.0-1
Severity: important
Tags: security
The /etc/network/if-*.d/postfix scripts contain:
if [ ! -x /sbin/resolvconf ]; then
f=/etc/resolv.conf
if ! cp $f $(postconf -hx queue_directory)$f 2>/dev/null; then
exit 0
fi
If two such scripts run concurrently (which is now possible), the two
"cp" commands can also run concurrently, with unexpected results on
the generated resolv.conf file for postfix.
It might be a security issue as a consequence is that an incorrect
DNS server could be used.
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.15.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages postfix depends on:
ii adduser 3.117
ii cpio 2.12+dfsg-6
ii debconf [debconf-2.0] 1.5.66
ii dpkg 1.19.0.5
ii e2fsprogs 1.44.1-2
ii libc6 2.27-3
ii libdb5.3 5.3.28-13.1+b1
ii libicu57 57.1-9
ii libsasl2-2 2.1.27~101-g0780600+dfsg-3.1
ii libssl1.1 1.1.0h-2
ii lsb-base 9.20170808
ii netbase 5.4
ii ssl-cert 1.0.39
Versions of packages postfix recommends:
ii python3 3.6.5-3
Versions of packages postfix suggests:
ii bsd-mailx [mail-reader] 8.1.2-0.20160123cvs-4
pn dovecot-common <none>
ii emacs25 [mail-reader] 25.2+1-6+b1
ii libsasl2-modules 2.1.27~101-g0780600+dfsg-3.1
ii mutt [mail-reader] 1.9.5-2
pn postfix-cdb <none>
ii postfix-doc 3.3.0-1
pn postfix-ldap <none>
pn postfix-lmdb <none>
pn postfix-mysql <none>
ii postfix-pcre 3.3.0-1
pn postfix-pgsql <none>
ii postfix-sqlite 3.3.0-1
ii procmail 3.22-26
pn resolvconf <none>
pn sasl2-bin <none>
pn ufw <none>
-- debconf information excluded