Amavisd crashes when calling external command /usr/bin/altermime after updated to 2.12.2-1ubuntu1.1
This bug report will be marked for expiration in 40 days if no further activity occurs. (find out why)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
amavisd-new (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
Everything worked fine before upgrading Amavisd-new to 2.12.2-1ubuntu1.1 which is a security update:
https:/
After upgraded package without changing any config files, Amavisd crashes while calling /usr/bin/altermime to append disclaimer text, the error message is "Insecure dependency in exec while running with -T switch".
Postfix + amavisd log:
May 29 10:27:13 mail1 postfix/
May 29 10:27:13 mail1 postfix/
May 29 10:27:13 mail1 postfix/
May 29 10:27:13 mail1 postfix/
May 29 10:27:13 mail1 postfix/qmgr[2468]: 4Vq2YY0jWQzcR70: from=<email address hidden>, size=8419, nrcpt=1 (queue active)
May 29 10:27:13 mail1 amavis[39626]: (39626-09) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [2.115.8.214]:58545 [2.115.8.214] ESMTP/ESMTP <email address hidden> -> <email address hidden>, (ESMTPSA:
May 29 10:27:13 mail1 postfix/
May 29 10:27:13 mail1 postfix/
May 29 10:27:13 mail1 postfix/qmgr[2468]: 4Vq2YY0jWQzcR70: removed
May 29 10:27:13 mail1 amavis[40862]: (39626-10) (!)run_command: child process [40862]: Insecure dependency in exec while running with -T switch at /usr/sbin/
May 29 10:27:13 mail1 amavis[39626]: (39626-10) (!!)collect_results from [40862] (/usr/bin/
May 29 10:27:13 mail1 amavis[39626]: (39626-10) (!)mangling by altermime failed: Program /usr/bin/altermime failed: 768, at /usr/sbin/
Hello and thanks for this bug report. While the security update did introduce a change in amavisd behavior ([1] is how upstream describe the change), I am unable to tell if the problem comes directly or only from amavisd, or if some other package/component is involved (altermime?).
Would it be possible for you to experiment by downgrading amavisd-new to its previous version, and check if the problem goes away? This should be feasible by running:
apt install amavisd- new=1:2. 12.2-1ubuntu1
This will help understanding if it is indeed amavisd-new to be problematic, or some other package that got upgraded together with it. Thanks!
[1] https:/ /gitlab. com/amavis/ amavis/ -/blob/ master/ README_ FILES/README. CVE-2024- 28054?ref_ type=heads