Package: courier-mta Severity: important Tags: security Please include this CAN number in any changelog dealing with this matter.
A vulnerability has been reported in Courier Mail Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in "rfc1035/spf.c" when handling DNS lookup failures while looking up SPF records. This causes freeing of non-allocated memory and can potentially be exploited to crash the service. The vulnerability has been reported in version 0.50.0. Prior versions may also be affected. According to http://www.courier-mta.org/?changelog.html this is fixed in 0.51: 2005-07-02 Mr. Sam <[EMAIL PROTECTED]> * rfc1035/spf.c: Soft DNS failures weren't handled properly when looking up SPF records. Potential memory corruption. Micah -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (300, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-2-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
