Updated postfix packages fix security vulnerability
Publication date: 10 Jun 2026Modification date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43964
Description
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9
sometimes allows a buffer over-read and process crash via an enhanced
status code that lacks text after the third number. (CVE-2026-43964)
References
- https://bugs.mageia.org/show_bug.cgi?id=35513
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZO4LOHR75HKYCKH5Q4DTVUDIW76KSHBV/
- https://www.mail-archive.com/postfix-announce@postfix.org/msg00110.html
- https://www.openwall.com/lists/oss-security/2026/05/04/25
- https://www.cve.org/CVERecord?id=CVE-2026-43964
SRPMS
9/core
- postfix-3.8.4-1.2.mga9