MDVSA-2008:190

Package name

postfix

Date

2008-09-10

Advisory ID

MDVSA-2008:190

Affected versions

2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability in Postfix 2.4 and later was discovered, when
running on Linux kernel 2.6, where a local user could cause a denial
of service due to Postfix leaking the epoll file descriptor when
executing non-Postfix commands (CVE-2008-3889).

The updated packages have been patched to correct this issue.

Updated packages

2008.1 i586

 f7e093f905a77ffff051dd1f1719e70c  2008.1/i586/libpostfix1-2.5.1-2.2mdv2008.1.i586.rpm
 17806bd3791473f79636f6e96aac3b16  2008.1/i586/postfix-2.5.1-2.2mdv2008.1.i586.rpm
 ccbd6e6f134329f298da2e73ee924624  2008.1/i586/postfix-ldap-2.5.1-2.2mdv2008.1.i586.rpm
 5e7501b1c226168794559a0c945c51ce  2008.1/i586/postfix-mysql-2.5.1-2.2mdv2008.1.i586.rpm
 44482a44ec46d379cc90ec71b8d3da40  2008.1/i586/postfix-pcre-2.5.1-2.2mdv2008.1.i586.rpm
 ed1ddf0451d015b1c85d09d438406c04  2008.1/i586/postfix-pgsql-2.5.1-2.2mdv2008.1.i586.rpm 
 d450d39e8073c6c9f1c9003f6189cf1a  2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm

2008.1 x86_64

 f9a52469d5700428f6a2c606d2846299  2008.1/x86_64/lib64postfix1-2.5.1-2.2mdv2008.1.x86_64.rpm
 5cb84c0ebe53a446efd208da355a9b4b  2008.1/x86_64/postfix-2.5.1-2.2mdv2008.1.x86_64.rpm
 cdc066f4ebcd87b1902d330129ff5a87  2008.1/x86_64/postfix-ldap-2.5.1-2.2mdv2008.1.x86_64.rpm
 4067143e300d124b20d7a24972c4ae22  2008.1/x86_64/postfix-mysql-2.5.1-2.2mdv2008.1.x86_64.rpm
 65a6a8c5206d7a9c45b12557896cba58  2008.1/x86_64/postfix-pcre-2.5.1-2.2mdv2008.1.x86_64.rpm
 b8d9b415787c02698fa29772942a2300  2008.1/x86_64/postfix-pgsql-2.5.1-2.2mdv2008.1.x86_64.rpm 
 d450d39e8073c6c9f1c9003f6189cf1a  2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm

2008.0 i586

 c0bf5d528d5d41dcd2d20ebdb34d0cda  2008.0/i586/libpostfix1-2.4.5-2.2mdv2008.0.i586.rpm
 fa944c0d7f0cbea926f535d510bf55d1  2008.0/i586/postfix-2.4.5-2.2mdv2008.0.i586.rpm
 198798461aa8d36de69167dabf12e753  2008.0/i586/postfix-ldap-2.4.5-2.2mdv2008.0.i586.rpm
 58655741a221fa54a33566568f3b4b82  2008.0/i586/postfix-mysql-2.4.5-2.2mdv2008.0.i586.rpm
 a38a78d39fe49cfa5dd71ee4f5a8a2bd  2008.0/i586/postfix-pcre-2.4.5-2.2mdv2008.0.i586.rpm
 6d26bd16aaab2333dc84a86b0595b31d  2008.0/i586/postfix-pgsql-2.4.5-2.2mdv2008.0.i586.rpm 
 da3f4b0d105461a2c0cc9d0ffdb8afbc  2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm

2008.0 x86_64

 028de47e6f9dd2a18be1afbfbfcc7b35  2008.0/x86_64/lib64postfix1-2.4.5-2.2mdv2008.0.x86_64.rpm
 4e790bb1f1cb14e0eb008e8188c7d7f3  2008.0/x86_64/postfix-2.4.5-2.2mdv2008.0.x86_64.rpm
 a843dc0ab9e22c27f1a83d3dd01139fd  2008.0/x86_64/postfix-ldap-2.4.5-2.2mdv2008.0.x86_64.rpm
 9e50dfda594b6e6c270d001f5c020086  2008.0/x86_64/postfix-mysql-2.4.5-2.2mdv2008.0.x86_64.rpm
 b27f29aa607246fa343244e783080dce  2008.0/x86_64/postfix-pcre-2.4.5-2.2mdv2008.0.x86_64.rpm
 90992c9e66cbfa61adcc8f25af56bad0  2008.0/x86_64/postfix-pgsql-2.4.5-2.2mdv2008.0.x86_64.rpm 
 da3f4b0d105461a2c0cc9d0ffdb8afbc  2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
• http://www.postfix.org/announcements/20080902.html