Fedora 8: 2023:0011-1 Critical: Postfix Privilege Escalation and DoS

fedora

October 9, 2008

New upstream patch level version 2.5.5, including multiple security fixes detailed in upstream announcements: http://www.postfix.org/announcements/20080814.html http://www.postf...

Summary

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),

TLS

New upstream patch level version 2.5.5, including multiple security fixes

detailed in upstream announcements:

http://www.postfix.org/announcements/20080814.html

http://www.postfix.org/announcements/20080902.html

* Wed Sep 17 2008 Thomas Woerner 2:2.5.5-1

- new version 2.5.5

fixes CVE-2008-2936, CVE-2008-2937 and CVE-2008-3889 (rhbz#459101)

* Thu Aug 28 2008 Tom "spot" Callaway 2:2.5.1-4

- fix license tag

* Thu Aug 14 2008 Thomas Woerner 2:2.5.1-3

- fixed postfix privilege problem with symlinks in the mail spool directory

(CVE-2008-2936) (rhbz#459101)

* Wed Mar 12 2008 Thomas Woerner 2:2.5.1-2

- fixed fix for enabling IPv6 support (rhbz#437024)

- added new postfix data directory (rhbz#437042)

* Thu Feb 21 2008 Thomas Woerner 2:2.5.1-1

- new verison 2.5.1

* Wed Feb 20 2008 Fedora Release Engineering - 2:2.4.6-3

- Autorebuild for GCC 4.3

* Thu Dec 6 2007 Release Engineering - 2.4.6-2

- Rebuild for deps

* Wed Nov 28 2007 Thomas Woerner 2:2.4.6-1

- new verison 2.4.6

- added virtual server(smtp) provide (rhbz#380631)

- enabling IPv6 support (rhbz#197105)

- made the MYSQL and PGSQL defines overloadable as build argument

* Wed Nov 7 2007 Thomas Woerner 2:2.4.5-3

- fixed multilib conflict for makedefs.out: rename to makedefs.out-ppc

(rhbz#342941)

- enabled mysql support

[ 1 ] Bug #456314 - CVE-2008-2936 postfix privilege escalation flaw

https://bugzilla.redhat.com/show_bug.cgi?id=456314

[ 2 ] Bug #456347 - CVE-2008-2937 postfix improper mailbox permissions

https://bugzilla.redhat.com/show_bug.cgi?id=456347

[ 3 ] Bug #460906 - CVE-2008-3889 postfix: local DoS via leaked file descriptor

https://bugzilla.redhat.com/show_bug.cgi?id=460906

su -c 'yum update postfix' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics Covered

security advisory Fedora privilege escalation DoS local exploit mail transport improper permissions

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 8

Version: 2.5.5

Release: 1.fc8

URL: http://www.postfix.org

Summary: Postfix Mail Transport Agent

Topics Covered

security advisory Fedora privilege escalation DoS local exploit mail transport improper permissions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 8: 2023:0011-1 Critical: Postfix Privilege Escalation and DoS

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 8: 2023:0011-1 Critical: Postfix Privilege Escalation and DoS

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!