[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2009:224 ] postfix



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:224
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postfix
 Date    : August 30, 2009
 Affected: 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in postfix:
 
 Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a
 mailbox file even when this file is not owned by the recipient, which
 allows local users to read e-mail messages by creating a mailbox file
 corresponding to another user's account name (CVE-2008-2937).
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 7140f40e139be1cf8125074cab6e81b4  
2008.1/i586/libpostfix1-2.5.1-2.3mdv2008.1.i586.rpm
 f11354454b5e18ab3c95f97aacca6cb1  
2008.1/i586/postfix-2.5.1-2.3mdv2008.1.i586.rpm
 b4bea6c762263a307ba52b096e0b477b  
2008.1/i586/postfix-ldap-2.5.1-2.3mdv2008.1.i586.rpm
 b4e3859a783b67327039243e502aa157  
2008.1/i586/postfix-mysql-2.5.1-2.3mdv2008.1.i586.rpm
 8c7a5ae2e92c1f2527f21290f8c8d1d6  
2008.1/i586/postfix-pcre-2.5.1-2.3mdv2008.1.i586.rpm
 4a824e461d20be248d732a0ecee84b17  
2008.1/i586/postfix-pgsql-2.5.1-2.3mdv2008.1.i586.rpm 
 2cf1299ed9de757fec29e360dfb24d83  
2008.1/SRPMS/postfix-2.5.1-2.3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 bb834685ec49101148373ce708b5ed45  
2008.1/x86_64/lib64postfix1-2.5.1-2.3mdv2008.1.x86_64.rpm
 70fce4a57c601c85bad516b373a88548  
2008.1/x86_64/postfix-2.5.1-2.3mdv2008.1.x86_64.rpm
 fbf08c4d8b08fd4140843779bd28399b  
2008.1/x86_64/postfix-ldap-2.5.1-2.3mdv2008.1.x86_64.rpm
 cb40d1532368fff8cca7d05ef975b6d5  
2008.1/x86_64/postfix-mysql-2.5.1-2.3mdv2008.1.x86_64.rpm
 19a686b12a82ea1fc1baf04fd8246449  
2008.1/x86_64/postfix-pcre-2.5.1-2.3mdv2008.1.x86_64.rpm
 6cd370a66e8efe86541e73fd165921c9  
2008.1/x86_64/postfix-pgsql-2.5.1-2.3mdv2008.1.x86_64.rpm 
 2cf1299ed9de757fec29e360dfb24d83  
2008.1/SRPMS/postfix-2.5.1-2.3mdv2008.1.src.rpm

 Corporate 3.0:
 c31b8d0d1b7cfeffc4114a08c590394b  
corporate/3.0/i586/libpostfix1-2.1.1-0.5.C30mdk.i586.rpm
 522a1d6583d13161f9048b922ef6cf98  
corporate/3.0/i586/postfix-2.1.1-0.5.C30mdk.i586.rpm
 e5a0cf0f5ebb3a67a53e1d437fc4048e  
corporate/3.0/i586/postfix-ldap-2.1.1-0.5.C30mdk.i586.rpm
 5751e5109eda7b406214a9439dda8baf  
corporate/3.0/i586/postfix-mysql-2.1.1-0.5.C30mdk.i586.rpm
 7641b8ed287b7a710dc9465702918154  
corporate/3.0/i586/postfix-pcre-2.1.1-0.5.C30mdk.i586.rpm
 cf61094ca95d221df9bdbb24e3adbef6  
corporate/3.0/i586/postfix-pgsql-2.1.1-0.5.C30mdk.i586.rpm 
 b36ec66c7a2e93e6e203f1858478bad7  
corporate/3.0/SRPMS/postfix-2.1.1-0.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 df9a2254b1450fc898668b7f22a06a6a  
corporate/3.0/x86_64/lib64postfix1-2.1.1-0.5.C30mdk.x86_64.rpm
 ffbfb3a2c9f95842c5214c69e74cf0cf  
corporate/3.0/x86_64/postfix-2.1.1-0.5.C30mdk.x86_64.rpm
 0948f13bb6c5978cb033e33a79604c45  
corporate/3.0/x86_64/postfix-ldap-2.1.1-0.5.C30mdk.x86_64.rpm
 a6cd459457454d854bd73de328c7489f  
corporate/3.0/x86_64/postfix-mysql-2.1.1-0.5.C30mdk.x86_64.rpm
 aa6c2cec11d17d77e928ee124e1e29d9  
corporate/3.0/x86_64/postfix-pcre-2.1.1-0.5.C30mdk.x86_64.rpm
 ec8fce55884bb814e84b2891d9be1cce  
corporate/3.0/x86_64/postfix-pgsql-2.1.1-0.5.C30mdk.x86_64.rpm 
 b36ec66c7a2e93e6e203f1858478bad7  
corporate/3.0/SRPMS/postfix-2.1.1-0.5.C30mdk.src.rpm

 Corporate 4.0:
 23bf5745a5b5f7457e4d7c346c6bcbb9  
corporate/4.0/i586/libpostfix1-2.3.5-0.3.20060mlcs4.i586.rpm
 d4ae172e884ce5388edd7808f2371717  
corporate/4.0/i586/postfix-2.3.5-0.3.20060mlcs4.i586.rpm
 81d27bf78511b84bb31ec4da82d2f8dd  
corporate/4.0/i586/postfix-ldap-2.3.5-0.3.20060mlcs4.i586.rpm
 b438d4b45642c94756b0d74638328322  
corporate/4.0/i586/postfix-mysql-2.3.5-0.3.20060mlcs4.i586.rpm
 ba4c2a8d4126c10a1640a83098d4c4b9  
corporate/4.0/i586/postfix-pcre-2.3.5-0.3.20060mlcs4.i586.rpm
 c8a3c2cfbb1f9cea2117d6e0c25f9b4e  
corporate/4.0/i586/postfix-pgsql-2.3.5-0.3.20060mlcs4.i586.rpm 
 782004a450a90bbcaa94837c36eb07dd  
corporate/4.0/SRPMS/postfix-2.3.5-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 26a2a20d5b6a8f3f56640667ebabe810  
corporate/4.0/x86_64/lib64postfix1-2.3.5-0.3.20060mlcs4.x86_64.rpm
 85b91925447997c52c15fdc8e4bafbd9  
corporate/4.0/x86_64/postfix-2.3.5-0.3.20060mlcs4.x86_64.rpm
 7fbac100a9c73446b73c7a1ac5115509  
corporate/4.0/x86_64/postfix-ldap-2.3.5-0.3.20060mlcs4.x86_64.rpm
 ecbaa69125310c3e1bc6682135b39d61  
corporate/4.0/x86_64/postfix-mysql-2.3.5-0.3.20060mlcs4.x86_64.rpm
 a194d65c69e642307a54960f0df99294  
corporate/4.0/x86_64/postfix-pcre-2.3.5-0.3.20060mlcs4.x86_64.rpm
 bf10b2360063f21bf61280fd36ff68eb  
corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.3.20060mlcs4.x86_64.rpm 
 782004a450a90bbcaa94837c36eb07dd  
corporate/4.0/SRPMS/postfix-2.3.5-0.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKmsg4mqjQ0CJFipgRAiPcAKDeYjyMPZqfjGw2jz9nDMkfl+WyVwCggbiA
+4owaopmdcKSZ60jJ9vbb0k=
=DMHj
-----END PGP SIGNATURE-----