Package name: postfix
Date: 2008-08-15
Advisory ID: MDVSA-2008:171
Affected versions: CS4.0 i586, CS4.0 x86_64, 2008.0 i586, 2007.1 i586, CS3.0 x86_64, 2008.0 x86_64, CS3.0 i586, 2008.1 x86_64, 2008.1 i586, 2007.1 x86_64

Problem description

Sebastian Krahmer of the SUSE Security Team discovered a flaw in
the way Postfix dereferenced symbolic links. If a local user had
write access to a mail spool directory without a root mailbox file,
it could be possible for them to append arbitrary data to files that
root had write permissions to (CVE-2008-2936).

The updated packages have been patched to correct this issue.
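
An added example, not part of the Mandriva advisory or of Postfix: a Python audit for the precondition described above (a mail spool directory writable by non-owners with no mailbox file for root), which also lists symbolic links and multiply-linked files found in the spool. The function names, finding codes and the temporary sample spool are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_spool(spool_dir, privileged_user="root"):
    """Return (code, detail) findings for one mail spool directory."""
    findings = []
    st = os.stat(spool_dir)
    # Classes other than the owner that may create or rename entries here.
    writers = [name for bit, name in ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other"))
               if st.st_mode & bit]
    if writers:
        findings.append(("DIR_WRITABLE", "/".join(writers)))
    # The advisory's precondition: writable spool and no mailbox file for root.
    mailbox = os.path.join(spool_dir, privileged_user)
    try:
        mailbox_st = os.lstat(mailbox)  # lstat: never follow a link here
    except FileNotFoundError:
        mailbox_st = None
    if mailbox_st is None and writers:
        findings.append(("NO_ROOT_MAILBOX", mailbox))
    # Mailboxes should be plain files with one name; anything else deserves a look.
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        est = entry.stat(follow_symlinks=False)
        if stat.S_ISLNK(est.st_mode):
            findings.append(("SYMLINK_ENTRY", entry.name + " -> " + os.readlink(entry.path)))
        elif stat.S_ISREG(est.st_mode) and est.st_nlink > 1:
            findings.append(("MULTIPLE_LINKS", entry.name))
    return findings

def build_sample_spool(with_root_mailbox):
    """Constructed sample spool in a temp dir (not a real system path)."""
    spool = tempfile.mkdtemp(prefix="spool-")
    os.chmod(spool, 0o1777)  # world-writable with sticky bit (constructed)
    open(os.path.join(spool, "alice"), "w").close()
    os.symlink("/nonexistent/target", os.path.join(spool, "bob"))
    if with_root_mailbox:
        open(os.path.join(spool, "root"), "w").close()
    return spool

if __name__ == "__main__":
    for code, detail in audit_spool(build_sample_spool(with_root_mailbox=False)):
        print(code, detail)
```

On a real host, pass the system's actual spool path to `audit_spool`; any finding is a prompt to review the directory, not proof of compromise.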

Updated packages

CS4.0 i586

 c7e11fa492370b389f507fc3ae2b1d4a  corporate/4.0/i586/libpostfix1-2.3.5-0.2.20060mlcs4.i586.rpm
 f78b08147813d142dbebccfa3f2d1fc1  corporate/4.0/i586/postfix-2.3.5-0.2.20060mlcs4.i586.rpm
 982fb6adba17ab2acfd477323a55db4c  corporate/4.0/i586/postfix-ldap-2.3.5-0.2.20060mlcs4.i586.rpm
 163b41ad32263b2a319720144153f5af  corporate/4.0/i586/postfix-mysql-2.3.5-0.2.20060mlcs4.i586.rpm
 7be21bfdc0f6e70d6da173d5005516f8  corporate/4.0/i586/postfix-pcre-2.3.5-0.2.20060mlcs4.i586.rpm
 26c0b02352463bd5c33b67c146330701  corporate/4.0/i586/postfix-pgsql-2.3.5-0.2.20060mlcs4.i586.rpm 
 f9251f61013674ae03a5122d8c5cfd25  corporate/4.0/SRPMS/postfix-2.3.5-0.2.20060mlcs4.src.rpm

CS4.0 x86_64

 91d8789d61bc41409d96b0442ffb8d13  corporate/4.0/x86_64/lib64postfix1-2.3.5-0.2.20060mlcs4.x86_64.rpm
 db6e1d07cd48fd215db13b6c0812629f  corporate/4.0/x86_64/postfix-2.3.5-0.2.20060mlcs4.x86_64.rpm
 6d57adb992f1903344a12c213116e2d9  corporate/4.0/x86_64/postfix-ldap-2.3.5-0.2.20060mlcs4.x86_64.rpm
 c3217315a710dddef6addc566542dbef  corporate/4.0/x86_64/postfix-mysql-2.3.5-0.2.20060mlcs4.x86_64.rpm
 21db2224670acce491ff87269f21ec5e  corporate/4.0/x86_64/postfix-pcre-2.3.5-0.2.20060mlcs4.x86_64.rpm
 89d5796c4d94bb6ab1ef26de400d032f  corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.2.20060mlcs4.x86_64.rpm 
 f9251f61013674ae03a5122d8c5cfd25  corporate/4.0/SRPMS/postfix-2.3.5-0.2.20060mlcs4.src.rpm

2008.0 i586

 28f80755d3e08a050a3294f15bcdf0b0  2008.0/i586/libpostfix1-2.4.5-2.1mdv2008.0.i586.rpm
 8e5a684b87309c502f34d76104e7291f  2008.0/i586/postfix-2.4.5-2.1mdv2008.0.i586.rpm
 fd4bd15f398bb8f9a90e59216b4a01dc  2008.0/i586/postfix-ldap-2.4.5-2.1mdv2008.0.i586.rpm
 63e5be0f5c1dc8b28f173726c1648831  2008.0/i586/postfix-mysql-2.4.5-2.1mdv2008.0.i586.rpm
 75e6b126fd04ce8cbef1d024a8d4af94  2008.0/i586/postfix-pcre-2.4.5-2.1mdv2008.0.i586.rpm
 3eb0a04a986f20d4771b774b0707d5ff  2008.0/i586/postfix-pgsql-2.4.5-2.1mdv2008.0.i586.rpm 
 d18e696ddd9948b311e84c1df3b4edfa  2008.0/SRPMS/postfix-2.4.5-2.1mdv2008.0.src.rpm

2007.1 i586

 26e470b9c59a7f942865ff4c9a029f33  2007.1/i586/libpostfix1-2.3.8-1.1mdv2007.1.i586.rpm
 886bae30f28144d5cd12330eadc29beb  2007.1/i586/postfix-2.3.8-1.1mdv2007.1.i586.rpm
 4490c64a7b39685f04dff74ce114edd1  2007.1/i586/postfix-ldap-2.3.8-1.1mdv2007.1.i586.rpm
 03bc15e8554bb5519bccc27147dc49c5  2007.1/i586/postfix-mysql-2.3.8-1.1mdv2007.1.i586.rpm
 4ce6d3583264a3d9a89e99554d8f5334  2007.1/i586/postfix-pcre-2.3.8-1.1mdv2007.1.i586.rpm
 1fa256a3a7306dc4711d2c1f394e4779  2007.1/i586/postfix-pgsql-2.3.8-1.1mdv2007.1.i586.rpm 
 585a32ed0e7d643bec4be76ca56e96a3  2007.1/SRPMS/postfix-2.3.8-1.1mdv2007.1.src.rpm

CS3.0 x86_64

 f695f71cf4e3cff94b76ffaa79e79276  corporate/3.0/x86_64/lib64postfix1-2.1.1-0.4.C30mdk.x86_64.rpm
 479831782b7e851ee64b8686e5435742  corporate/3.0/x86_64/postfix-2.1.1-0.4.C30mdk.x86_64.rpm
 a52bf688f3f842c8062ca1e43748a442  corporate/3.0/x86_64/postfix-ldap-2.1.1-0.4.C30mdk.x86_64.rpm
 e286020374420577f7372bf98b3145f0  corporate/3.0/x86_64/postfix-mysql-2.1.1-0.4.C30mdk.x86_64.rpm
 7c4d75cb5df1951918a3baf56aff0dcd  corporate/3.0/x86_64/postfix-pcre-2.1.1-0.4.C30mdk.x86_64.rpm
 e1b6ff7a49ab9dbd1cc8559ec9a747fe  corporate/3.0/x86_64/postfix-pgsql-2.1.1-0.4.C30mdk.x86_64.rpm 
 0b9d6b89f64cf5c5ba64d4234ba958d3  corporate/3.0/SRPMS/postfix-2.1.1-0.4.C30mdk.src.rpm

2008.0 x86_64

 25c8159e3a2b78ab281dcf6c7b5886d1  2008.0/x86_64/lib64postfix1-2.4.5-2.1mdv2008.0.x86_64.rpm
 56bc517d9bb1cf9221ce8d35999ac7de  2008.0/x86_64/postfix-2.4.5-2.1mdv2008.0.x86_64.rpm
 08af0c3454a642e57252180f6f8b8b1c  2008.0/x86_64/postfix-ldap-2.4.5-2.1mdv2008.0.x86_64.rpm
 c8777d4816b661a2853df44228c97e26  2008.0/x86_64/postfix-mysql-2.4.5-2.1mdv2008.0.x86_64.rpm
 08579717946ec5c32df7674286f9f45a  2008.0/x86_64/postfix-pcre-2.4.5-2.1mdv2008.0.x86_64.rpm
 fda669add03041fa744d5738c7457c3a  2008.0/x86_64/postfix-pgsql-2.4.5-2.1mdv2008.0.x86_64.rpm 
 d18e696ddd9948b311e84c1df3b4edfa  2008.0/SRPMS/postfix-2.4.5-2.1mdv2008.0.src.rpm

CS3.0 i586

 7d6dc0a422fa43c691a6819a9954d29c  corporate/3.0/i586/libpostfix1-2.1.1-0.4.C30mdk.i586.rpm
 6c90a40a69bcd261d1fff8124d087d48  corporate/3.0/i586/postfix-2.1.1-0.4.C30mdk.i586.rpm
 9e3468e37e512a5207a982ba606d8fb8  corporate/3.0/i586/postfix-ldap-2.1.1-0.4.C30mdk.i586.rpm
 8018f6af47a5659396a3d903c27b33d4  corporate/3.0/i586/postfix-mysql-2.1.1-0.4.C30mdk.i586.rpm
 ac40a515260bd75fe00c5e1610b11e7b  corporate/3.0/i586/postfix-pcre-2.1.1-0.4.C30mdk.i586.rpm
 f8675212bf047f8373846efe438d6e34  corporate/3.0/i586/postfix-pgsql-2.1.1-0.4.C30mdk.i586.rpm 
 0b9d6b89f64cf5c5ba64d4234ba958d3  corporate/3.0/SRPMS/postfix-2.1.1-0.4.C30mdk.src.rpm

2008.1 x86_64

 16d38a5b0b47edb0fc3395c63511bd6c  2008.1/x86_64/lib64postfix1-2.5.1-2.1mdv2008.1.x86_64.rpm
 546f25ac9ea5aa167b9282bd8d4f537a  2008.1/x86_64/postfix-2.5.1-2.1mdv2008.1.x86_64.rpm
 f1a917d26a5366044e570f6571c2fb10  2008.1/x86_64/postfix-ldap-2.5.1-2.1mdv2008.1.x86_64.rpm
 4b2f2a4d53ef97dbd2c609afc9e61c77  2008.1/x86_64/postfix-mysql-2.5.1-2.1mdv2008.1.x86_64.rpm
 266433d35cd238e9132b6225bc5d1258  2008.1/x86_64/postfix-pcre-2.5.1-2.1mdv2008.1.x86_64.rpm
 78f8df45bf1c009701112a60294ccdeb  2008.1/x86_64/postfix-pgsql-2.5.1-2.1mdv2008.1.x86_64.rpm 
 0f3cb76c3893354103745ee331942f0d  2008.1/SRPMS/postfix-2.5.1-2.1mdv2008.1.src.rpm

2008.1 i586

 5a3804f2c3effc218f5c2e2e3df27564  2008.1/i586/libpostfix1-2.5.1-2.1mdv2008.1.i586.rpm
 506d51b49e9c8c0e439fc8bc4c63ba29  2008.1/i586/postfix-2.5.1-2.1mdv2008.1.i586.rpm
 34ef86dd70c956f2a99bdfac81183e09  2008.1/i586/postfix-ldap-2.5.1-2.1mdv2008.1.i586.rpm
 1d07b91d48c60906f28b8a2eba99ca1c  2008.1/i586/postfix-mysql-2.5.1-2.1mdv2008.1.i586.rpm
 70ba3c286521579fc49a54bba84472dd  2008.1/i586/postfix-pcre-2.5.1-2.1mdv2008.1.i586.rpm
 dca57a1b0579a8418ad10aac03322b2e  2008.1/i586/postfix-pgsql-2.5.1-2.1mdv2008.1.i586.rpm 
 0f3cb76c3893354103745ee331942f0d  2008.1/SRPMS/postfix-2.5.1-2.1mdv2008.1.src.rpm

2007.1 x86_64

 c5b9aba41a5f7d4762e07611ab796ba9  2007.1/x86_64/lib64postfix1-2.3.8-1.1mdv2007.1.x86_64.rpm
 34aaf8a7f5489382ae2fe752239c1ad3  2007.1/x86_64/postfix-2.3.8-1.1mdv2007.1.x86_64.rpm
 c1bbbc34d1a6951dfea07b479e7546a6  2007.1/x86_64/postfix-ldap-2.3.8-1.1mdv2007.1.x86_64.rpm
 72c368adfd81383032aee96564edd1dc  2007.1/x86_64/postfix-mysql-2.3.8-1.1mdv2007.1.x86_64.rpm
 b6e9329425e1e4f6f1b591ca01c07527  2007.1/x86_64/postfix-pcre-2.3.8-1.1mdv2007.1.x86_64.rpm
 858ac67feca2fae49be70f752a9f5688  2007.1/x86_64/postfix-pgsql-2.3.8-1.1mdv2007.1.x86_64.rpm 
 585a32ed0e7d643bec4be76ca56e96a3  2007.1/SRPMS/postfix-2.3.8-1.1mdv2007.1.src.rpm

References