{"id":"USN-6591-2","summary":"postfix update","details":"USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of\nregression has been made available since the last update. This update\nupdates the fix and aligns with the latest configuration guidelines\nregarding this vulnerability.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Timo Longin discovered that Postfix incorrectly handled certain email line\n endings. A remote attacker could possibly use this issue to bypass an email\n authentication mechanism, allowing domain spoofing and potential spamming.\n \n Please note that certain configuration changes are required to address\n this issue. They are not enabled by default for backward compatibility.\n Information can be found at https://www.postfix.org/smtp-smuggling.html.\n","modified":"2026-04-22T10:43:31.319812Z","published":"2024-01-31T13:34:03Z","related":["UBUNTU-CVE-2023-51764"],"upstream":["CVE-2023-51764","UBUNTU-CVE-2023-51764"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6591-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-51764"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2050834"}],"affected":[{"package":{"name":"postfix","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/postfix@2.11.0-1ubuntu1.2+esm3?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.0-1ubuntu1.2+esm3"}]}],"versions":["2.10.2-1","2.10.2-1build1","2.11.0-1","2.11.0-1ubuntu1","2.11.0-1ubuntu1.2","2.11.0-1ubuntu1.2+esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"2.11.0-1ubuntu1.2+esm3","binary_name":"postfix"},{"binary_version":"2.11.0-1ubuntu1.2+esm3","binary_name":"postfix-cdb"},{"binary_version":"2.11.0-1ubuntu1.2+esm3","binary_name":"postfix-ldap"},{"binary_version":"2.11.0-1ubuntu1.2+esm3","binary_name":"postfix-mysql"},{"binary_version":"2.11.0-1ubuntu1.2+esm3","binary_name":"postfix-pcre"},{"binary_version":"2.11.0-1ubuntu1.2+esm3","binary_name":"postfix-pgsql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6591-2.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-51764"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"postfix","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/postfix@3.1.0-3ubuntu0.4+esm3?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.0-3ubuntu0.4+esm3"}]}],"versions":["2.11.3-1ubuntu2","2.11.3-1ubuntu3","3.0.4-1ubuntu1","3.0.4-2","3.0.4-3","3.0.4-5","3.0.4-5build1","3.1.0-3","3.1.0-3ubuntu0.1","3.1.0-3ubuntu0.2","3.1.0-3ubuntu0.3","3.1.0-3ubuntu0.4","3.1.0-3ubuntu0.4+esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.1.0-3ubuntu0.4+esm3","binary_name":"postfix"},{"binary_version":"3.1.0-3ubuntu0.4+esm3","binary_name":"postfix-cdb"},{"binary_version":"3.1.0-3ubuntu0.4+esm3","binary_name":"postfix-ldap"},{"binary_version":"3.1.0-3ubuntu0.4+esm3","binary_name":"postfix-mysql"},{"binary_version":"3.1.0-3ubuntu0.4+esm3","binary_name":"postfix-pcre"},{"binary_version":"3.1.0-3ubuntu0.4+esm3","binary_name":"postfix-pgsql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6591-2.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-51764"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"postfix","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/postfix@3.3.0-1ubuntu0.4+esm3?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.0-1ubuntu0.4+esm3"}]}],"versions":["3.2.3-1","3.2.3-1build1","3.2.4-1","3.2.5-1","3.2.5-1build1","3.3.0-1","3.3.0-1ubuntu0.1","3.3.0-1ubuntu0.2","3.3.0-1ubuntu0.3","3.3.0-1ubuntu0.4","3.3.0-1ubuntu0.4+esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-cdb"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-ldap"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-lmdb"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-mysql"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-pcre"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-pgsql"},{"binary_version":"3.3.0-1ubuntu0.4+esm3","binary_name":"postfix-sqlite"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6591-2.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-51764"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"postfix","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/postfix@3.4.13-0ubuntu1.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.13-0ubuntu1.4"}]}],"versions":["3.4.5-1ubuntu1","3.4.7-1","3.4.7-2","3.4.8-1","3.4.9-1","3.4.10-1","3.4.10-1ubuntu1","3.4.13-0ubuntu1","3.4.13-0ubuntu1.1","3.4.13-0ubuntu1.2","3.4.13-0ubuntu1.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-cdb"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-ldap"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-lmdb"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-mysql"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-pcre"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-pgsql"},{"binary_version":"3.4.13-0ubuntu1.4","binary_name":"postfix-sqlite"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6591-2.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-51764"}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"postfix","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/postfix@3.6.4-1ubuntu1.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.4-1ubuntu1.3"}]}],"versions":["3.5.6-1ubuntu2","3.5.13-1ubuntu1","3.5.13-1ubuntu2","3.5.13-1ubuntu3","3.6.3-4ubuntu1","3.6.3-5ubuntu1","3.6.3-5ubuntu2","3.6.4-1ubuntu1","3.6.4-1ubuntu1.1","3.6.4-1ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-cdb"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-ldap"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-lmdb"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-mysql"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-pcre"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-pgsql"},{"binary_version":"3.6.4-1ubuntu1.3","binary_name":"postfix-sqlite"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6591-2.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-51764"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}