========================================================================== Ubuntu Security Notice USN-4621-1 November 05, 2020 netqmail vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: netqmail could be made to crash if it received specially crafted input. Software Description: - netqmail: a secure, reliable, efficient, simple message transfer agent Details: It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. (CVE-2020-3811) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this vulnerability to cause netqmail to disclose sensitive information. (CVE-2020-3812) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: qmail 1.06-6.2~deb10u1build0.18.04.1 Ubuntu 16.04 LTS: qmail 1.06-6.2~deb10u1build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4621-1 CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812 Package Information: https://launchpad.net/ubuntu/+source/netqmail/1.06-6.2~deb10u1build0.18.04.1 https://launchpad.net/ubuntu/+source/netqmail/1.06-6.2~deb10u1build0.16.04.1