MDVSA-2009:224
- Package name
- postfix
- Date
- 2009-08-30
- Advisory ID
- MDVSA-2009:224
- Affected versions
- CS4.0 x86_64 , CS4.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586
Problem description
A vulnerability has been found and corrected in postfix:
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a
mailbox file even when this file is not owned by the recipient, which
allows local users to read e-mail messages by creating a mailbox file
corresponding to another user's account name (CVE-2008-2937).
This update provides a solution to this vulnerability.
Updated packages
CS4.0 x86_64
26a2a20d5b6a8f3f56640667ebabe810 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.3.20060mlcs4.x86_64.rpm 85b91925447997c52c15fdc8e4bafbd9 corporate/4.0/x86_64/postfix-2.3.5-0.3.20060mlcs4.x86_64.rpm 7fbac100a9c73446b73c7a1ac5115509 corporate/4.0/x86_64/postfix-ldap-2.3.5-0.3.20060mlcs4.x86_64.rpm ecbaa69125310c3e1bc6682135b39d61 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.3.20060mlcs4.x86_64.rpm a194d65c69e642307a54960f0df99294 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.3.20060mlcs4.x86_64.rpm bf10b2360063f21bf61280fd36ff68eb corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.3.20060mlcs4.x86_64.rpm 782004a450a90bbcaa94837c36eb07dd corporate/4.0/SRPMS/postfix-2.3.5-0.3.20060mlcs4.src.rpm
CS4.0 i586
23bf5745a5b5f7457e4d7c346c6bcbb9 corporate/4.0/i586/libpostfix1-2.3.5-0.3.20060mlcs4.i586.rpm d4ae172e884ce5388edd7808f2371717 corporate/4.0/i586/postfix-2.3.5-0.3.20060mlcs4.i586.rpm 81d27bf78511b84bb31ec4da82d2f8dd corporate/4.0/i586/postfix-ldap-2.3.5-0.3.20060mlcs4.i586.rpm b438d4b45642c94756b0d74638328322 corporate/4.0/i586/postfix-mysql-2.3.5-0.3.20060mlcs4.i586.rpm ba4c2a8d4126c10a1640a83098d4c4b9 corporate/4.0/i586/postfix-pcre-2.3.5-0.3.20060mlcs4.i586.rpm c8a3c2cfbb1f9cea2117d6e0c25f9b4e corporate/4.0/i586/postfix-pgsql-2.3.5-0.3.20060mlcs4.i586.rpm 782004a450a90bbcaa94837c36eb07dd corporate/4.0/SRPMS/postfix-2.3.5-0.3.20060mlcs4.src.rpm
CS3.0 x86_64
df9a2254b1450fc898668b7f22a06a6a corporate/3.0/x86_64/lib64postfix1-2.1.1-0.5.C30mdk.x86_64.rpm ffbfb3a2c9f95842c5214c69e74cf0cf corporate/3.0/x86_64/postfix-2.1.1-0.5.C30mdk.x86_64.rpm 0948f13bb6c5978cb033e33a79604c45 corporate/3.0/x86_64/postfix-ldap-2.1.1-0.5.C30mdk.x86_64.rpm a6cd459457454d854bd73de328c7489f corporate/3.0/x86_64/postfix-mysql-2.1.1-0.5.C30mdk.x86_64.rpm aa6c2cec11d17d77e928ee124e1e29d9 corporate/3.0/x86_64/postfix-pcre-2.1.1-0.5.C30mdk.x86_64.rpm ec8fce55884bb814e84b2891d9be1cce corporate/3.0/x86_64/postfix-pgsql-2.1.1-0.5.C30mdk.x86_64.rpm b36ec66c7a2e93e6e203f1858478bad7 corporate/3.0/SRPMS/postfix-2.1.1-0.5.C30mdk.src.rpm
CS3.0 i586
c31b8d0d1b7cfeffc4114a08c590394b corporate/3.0/i586/libpostfix1-2.1.1-0.5.C30mdk.i586.rpm 522a1d6583d13161f9048b922ef6cf98 corporate/3.0/i586/postfix-2.1.1-0.5.C30mdk.i586.rpm e5a0cf0f5ebb3a67a53e1d437fc4048e corporate/3.0/i586/postfix-ldap-2.1.1-0.5.C30mdk.i586.rpm 5751e5109eda7b406214a9439dda8baf corporate/3.0/i586/postfix-mysql-2.1.1-0.5.C30mdk.i586.rpm 7641b8ed287b7a710dc9465702918154 corporate/3.0/i586/postfix-pcre-2.1.1-0.5.C30mdk.i586.rpm cf61094ca95d221df9bdbb24e3adbef6 corporate/3.0/i586/postfix-pgsql-2.1.1-0.5.C30mdk.i586.rpm b36ec66c7a2e93e6e203f1858478bad7 corporate/3.0/SRPMS/postfix-2.1.1-0.5.C30mdk.src.rpm
2008.1 x86_64
bb834685ec49101148373ce708b5ed45 2008.1/x86_64/lib64postfix1-2.5.1-2.3mdv2008.1.x86_64.rpm 70fce4a57c601c85bad516b373a88548 2008.1/x86_64/postfix-2.5.1-2.3mdv2008.1.x86_64.rpm fbf08c4d8b08fd4140843779bd28399b 2008.1/x86_64/postfix-ldap-2.5.1-2.3mdv2008.1.x86_64.rpm cb40d1532368fff8cca7d05ef975b6d5 2008.1/x86_64/postfix-mysql-2.5.1-2.3mdv2008.1.x86_64.rpm 19a686b12a82ea1fc1baf04fd8246449 2008.1/x86_64/postfix-pcre-2.5.1-2.3mdv2008.1.x86_64.rpm 6cd370a66e8efe86541e73fd165921c9 2008.1/x86_64/postfix-pgsql-2.5.1-2.3mdv2008.1.x86_64.rpm 2cf1299ed9de757fec29e360dfb24d83 2008.1/SRPMS/postfix-2.5.1-2.3mdv2008.1.src.rpm
2008.1 i586
7140f40e139be1cf8125074cab6e81b4 2008.1/i586/libpostfix1-2.5.1-2.3mdv2008.1.i586.rpm f11354454b5e18ab3c95f97aacca6cb1 2008.1/i586/postfix-2.5.1-2.3mdv2008.1.i586.rpm b4bea6c762263a307ba52b096e0b477b 2008.1/i586/postfix-ldap-2.5.1-2.3mdv2008.1.i586.rpm b4e3859a783b67327039243e502aa157 2008.1/i586/postfix-mysql-2.5.1-2.3mdv2008.1.i586.rpm 8c7a5ae2e92c1f2527f21290f8c8d1d6 2008.1/i586/postfix-pcre-2.5.1-2.3mdv2008.1.i586.rpm 4a824e461d20be248d732a0ecee84b17 2008.1/i586/postfix-pgsql-2.5.1-2.3mdv2008.1.i586.rpm 2cf1299ed9de757fec29e360dfb24d83 2008.1/SRPMS/postfix-2.5.1-2.3mdv2008.1.src.rpm