Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Critical (1)

Important (2)

Ubuntu (4949)

important (27742)

network exposure (39)

security advisory (114935)

sensitive information (185)

yard (4)

critical (18621)

debian (8032)

haveged (7)

local privilege escalation (728)

Debian (1)

Gentoo (1)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

We found -4 articles for you...

security advisorycriticaldebian

Debian DSA-4825-1: Critical Dovecot Update on Email Server Security

Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-24386 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4825-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso January 04, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : dovecot CVE ID : CVE-2020-24386 CVE-2020-25275 Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-24386 When imap hibernation is active, an attacker (with valid credentials to access the mail server) can cause Dovecot to discover file system directory structures and access other users' emails via specially crafted commands. CVE-2020-25275 Innokentii Sennovskiy reported that the mail delivery and parsing in Dovecot can crash when the 10000th MIME part is message/rfc822 (or if the parent was multipart/digest). This flaw was introduced by earlier changes addressing CVE-2020-12100. For the stable distribution (buster), these problems have been fixed in version 1:2.3.4.1-5+deb10u5. We recommend that you upgrade your dovecot packages. For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dovecot Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Important security patch released for Postfix on Ubuntu, addressing several vulnerabilities. System administrators urged to apply the update promptly for enhanced protection.. Dovecot Security Update, Debian Vulnerabilities, Email Server Flaws. . Severity: Critical. LinuxSecurity.com Team

Jan 04, 2021 •Critical Debian

security advisoryRed Hatbuffer overflow

Red Hat: RHSA-2014:1172-01 Important: Procmail Buffer Overflow

Updated procmail packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: procmail security update Advisory ID: RHSA-2014:1172-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:1172.html Issue date: 2014-09-10 CVE Names: CVE-2014-3618 ==================================================================== 1. Summary: Updated procmail packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially craftedheaders that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2014-3618) All procmail users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1137581 - CVE-2014-3618 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: procmail-3.22-17.1.2.src.rpm i386: procmail-3.22-17.1.2.i386.rpm procmail-debuginfo-3.22-17.1.2.i386.rpm x86_64: procmail-3.22-17.1.2.x86_64.rpm procmail-debuginfo-3.22-17.1.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: procmail-3.22-17.1.2.src.rpm i386: procmail-3.22-17.1.2.i386.rpm procmail-debuginfo-3.22-17.1.2.i386.rpm ia64: procmail-3.22-17.1.2.ia64.rpm procmail-debuginfo-3.22-17.1.2.ia64.rpm ppc: procmail-3.22-17.1.2.ppc.rpm procmail-debuginfo-3.22-17.1.2.ppc.rpm s390x: procmail-3.22-17.1.2.s390x.rpm procmail-debuginfo-3.22-17.1.2.s390x.rpm x86_64: procmail-3.22-17.1.2.x86_64.rpm procmail-debuginfo-3.22-17.1.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: procmail-3.22-25.1.el6_5.1.src.rpm i386: procmail-3.22-25.1.el6_5.1.i686.rpm procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: procmail-3.22-25.1.el6_5.1.src.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: procmail-3.22-25.1.el6_5.1.src.rpm i386: procmail-3.22-25.1.el6_5.1.i686.rpm procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm ppc64: procmail-3.22-25.1.el6_5.1.ppc64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.ppc64.rpm s390x: procmail-3.22-25.1.el6_5.1.s390x.rpm procmail-debuginfo-3.22-25.1.el6_5.1.s390x.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: procmail-3.22-25.1.el6_5.1.src.rpm i386: procmail-3.22-25.1.el6_5.1.i686.rpm procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): Source: procmail-3.22-34.el7_0.1.src.rpm x86_64: procmail-3.22-34.el7_0.1.x86_64.rpm procmail-debuginfo-3.22-34.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: procmail-3.22-34.el7_0.1.src.rpm ppc64: procmail-3.22-34.el7_0.1.ppc64.rpm procmail-debuginfo-3.22-34.el7_0.1.ppc64.rpm s390x: procmail-3.22-34.el7_0.1.s390x.rpm procmail-debuginfo-3.22-34.el7_0.1.s390x.rpm x86_64: procmail-3.22-34.el7_0.1.x86_64.rpm procmail-debuginfo-3.22-34.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: procmail-3.22-34.el7_0.1.src.rpm x86_64: procmail-3.22-34.el7_0.1.x86_64.rpm procmail-debuginfo-3.22-34.el7_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2014-3618 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUEFTUXlSAg2UNWIIRApZ7AJ4gyPJLSYIQ25mGiFupoO+ZuEQoTwCeODPT E6CP94zetI6yOKM9JomSLwY=pIAe -----END PGPSIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Recent procmail updates for Red Hat Linux rectify a significant buffer overflow, enhancing the security of mail delivery systems.. Red Hat Update, Procmail Security, Mail Delivery Security, Buffer Overflow Patch. . Severity: Important. LinuxSecurity.com Team

Sep 10, 2014 •Important Red Hat

security advisoryred hatremote attack

Red Hat: 2014:1172-01 Critical: Procmail Heap Overflow Risk Alert

Updated procmail packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: procmail security update Advisory ID: RHSA-2014:1172-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:1172.html Issue date: 2014-09-10 CVE Names: CVE-2014-3618 ==================================================================== 1. Summary: Updated procmail packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code asthe user running formail. (CVE-2014-3618) All procmail users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1137581 - CVE-2014-3618 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: procmail-3.22-17.1.2.src.rpm i386: procmail-3.22-17.1.2.i386.rpm procmail-debuginfo-3.22-17.1.2.i386.rpm x86_64: procmail-3.22-17.1.2.x86_64.rpm procmail-debuginfo-3.22-17.1.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: procmail-3.22-17.1.2.src.rpm i386: procmail-3.22-17.1.2.i386.rpm procmail-debuginfo-3.22-17.1.2.i386.rpm ia64: procmail-3.22-17.1.2.ia64.rpm procmail-debuginfo-3.22-17.1.2.ia64.rpm ppc: procmail-3.22-17.1.2.ppc.rpm procmail-debuginfo-3.22-17.1.2.ppc.rpm s390x: procmail-3.22-17.1.2.s390x.rpm procmail-debuginfo-3.22-17.1.2.s390x.rpm x86_64: procmail-3.22-17.1.2.x86_64.rpm procmail-debuginfo-3.22-17.1.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: procmail-3.22-25.1.el6_5.1.src.rpm i386: procmail-3.22-25.1.el6_5.1.i686.rpm procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: procmail-3.22-25.1.el6_5.1.src.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: procmail-3.22-25.1.el6_5.1.src.rpm i386: procmail-3.22-25.1.el6_5.1.i686.rpm procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm ppc64: procmail-3.22-25.1.el6_5.1.ppc64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.ppc64.rpm s390x: procmail-3.22-25.1.el6_5.1.s390x.rpm procmail-debuginfo-3.22-25.1.el6_5.1.s390x.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: procmail-3.22-25.1.el6_5.1.src.rpm i386: procmail-3.22-25.1.el6_5.1.i686.rpm procmail-debuginfo-3.22-25.1.el6_5.1.i686.rpm x86_64: procmail-3.22-25.1.el6_5.1.x86_64.rpm procmail-debuginfo-3.22-25.1.el6_5.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): Source: procmail-3.22-34.el7_0.1.src.rpm x86_64: procmail-3.22-34.el7_0.1.x86_64.rpm procmail-debuginfo-3.22-34.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: procmail-3.22-34.el7_0.1.src.rpm ppc64: procmail-3.22-34.el7_0.1.ppc64.rpm procmail-debuginfo-3.22-34.el7_0.1.ppc64.rpm s390x: procmail-3.22-34.el7_0.1.s390x.rpm procmail-debuginfo-3.22-34.el7_0.1.s390x.rpm x86_64: procmail-3.22-34.el7_0.1.x86_64.rpm procmail-debuginfo-3.22-34.el7_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: procmail-3.22-34.el7_0.1.src.rpm x86_64: procmail-3.22-34.el7_0.1.x86_64.rpm procmail-debuginfo-3.22-34.el7_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2014-3618 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. . Newly released procmail updates for Red Hat have been issued to rectify a significant security vulnerability deemed critical in its implications.. Procmail Update, Red HatEnterprise Linux, Security Fix. . Severity: Important. LinuxSecurity.com Team

Sep 10, 2014 •Important Red Hat

200

security advisorybuffer overflowmoderate severity

Scientific Linux SL3.x: CVE-2008-5005 Moderate: imap Buffer Overflow

Moderate: imap security update. Date: Wed, 18 Feb 2009 14:23:56 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: FASTBUGS for SL 4.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." The following FASTBUGS have been uploaded to i386: isdn4k-utils-3.2-19.i386.rpm isdn4k-utils-devel-3.2-19.i386.rpm isdn4k-utils-vboxgetty-3.2-19.i386.rpm sudo-1.6.7p5-30.1.5.i386.rpm xisdnload-3.2-19.i386.rpm x86_64: isdn4k-utils-3.2-19.el4.x86_64.rpm isdn4k-utils-devel-3.2-19.el4.x86_64.rpm isdn4k-utils-vboxgetty-3.2-19.el4.x86_64.rpm sudo-1.6.7p5-30.1.5.x86_64.rpm xisdnload-3.2-19.el4.x86_64.rpm -Connie Sieh -Troy Dawson Date: Thu, 19 Feb 2009 15:53:03 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: imap on SL3.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Moderate: imap security update Issue date: 2009-02-19 CVE Names: CVE-2008-5005 A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially-crafted mail message to the victim. (CVE-2008-5005) SL 3.0.x SRPMS: imap-2002d-15.src.rpm i386: imap-2002d-15.i386.rpm imap-devel-2002d-15.i386.rpm imap-utils-2002d-15.i386.rpm x86_64: imap-2002d-15.x86_64.rpm imap-devel-2002d-15.x86_64.rpm imap-utils-2002d-15.x86_64.rpm -Connie Sieh -Troy Dawson . Recent moderate security patch for IMAP in Scientific Linux SL3.x addresses a buffer overflow vulnerability that could allow remote attackers to execute arbitrary code.. Moderate Update, Scientific Linux, imap Security Fix, Buffer Overflow Risk, SL3.x Patch. . LinuxSecurity.com Team

Feb 19, 2009 Scientific Linux

security advisoryGentoohigh severity

Gentoo: GLSA 200808-12 High: Postfix Local Escalation Threat

Postfix incorrectly checks the ownership of a mailbox, allowing, in certain circumstances, to append data to arbitrary files on a local system with root privileges. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200808-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Postfix: Local privilege escalation vulnerability Date: August 14, 2008 Bugs: #232642 ID: 200808-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Postfix incorrectly checks the ownership of a mailbox, allowing, in certain circumstances, to append data to arbitrary files on a local system with root privileges. Background ========= Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-mta/postfix < 2.5.3-r1 *> = 2.4.7-r1 > = 2.5.3-r1 Description ========== Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with the systems using symlinks in /dev like Solaris. Furthermore, some systems like Linux allow to hardlink a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this canlead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Impact ===== The combination of these features allows a local attacker to hardlink a root-owned symlink such that the newly created symlink would be root-owned and would point to a regular file (or another symlink) that would be written by the Postfix built-in local(8) or virtual(8) delivery agents, regardless the ownership of the final destination regular file. Depending on the write permissions of the spool mail directory, the delivery style, and the existence of a root mailbox, this could allow a local attacker to append a mail to an arbitrary file like /etc/passwd in order to gain root privileges. The default configuration of Gentoo Linux does not permit any kind of user privilege escalation. The second vulnerability (CVE-2008-2937) allows a local attacker, already having write permissions to the mail spool directory which is not the case on Gentoo by default, to create a previously nonexistent mailbox before Postfix creates it, allowing to read the mail of another user on the system. Workaround ========= The following conditions should be met in order to be vulnerable to local privilege escalation. * The mail delivery style is mailbox, with the Postfix built-in local(8) or virtual(8) delivery agents. * The mail spool directory (/var/spool/mail) is user-writeable. * The user can create hardlinks pointing to root-owned symlinks located in other directories. Consequently, each one of the following workarounds is efficient. * Verify that your /var/spool/mail directory is not writeable by a user. Normally on Gentoo, only the mail group has write access, and no end-user should be granted the mail group ownership. * Prevent the local users from being able to create hardlinks pointing outside of the /var/spool/mail directory, e.g. with a dedicated partition. * Use a non-builtin Postfixdelivery agent, like procmail or maildrop. * Use the maildir delivery style of Postfix ("home_mailbox=Maildir/" for example). Concerning the second vulnerability, check the write permissions of /var/spool/mail, or check that every Unix account already has a mailbox, by using Wietse Venema's Perl script available in the official advisory. Resolution ========= All Postfix users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-mta/postfix-2.5.3-r1" References ========= [ 1 ] CVE-2008-2936 https://www.cve.org/CVERecord?id=CVE-2008-2936 [ 2 ] CVE-2008-2937 https://www.cve.org/CVERecord?id=CVE-2008-2937 [ 3 ] Official Advisory Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200808-12 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The Gentoo Security Advisory GLSA 200808-12 reveals vulnerabilities in Postfix, highlighting potential risks for local privilege escalation along with recommended resolutions.. Postfix Local Escalation, Gentoo Security Advisory, Mail Risk Alert. . LinuxSecurity.com Team

Aug 15, 2008 Gentoo

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

bottom 200

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Debian DSA-4825-1: Critical Dovecot Update on Email Server Security

Red Hat: RHSA-2014:1172-01 Important: Procmail Buffer Overflow

Red Hat: 2014:1172-01 Critical: Procmail Heap Overflow Risk Alert

Scientific Linux SL3.x: CVE-2008-5005 Moderate: imap Buffer Overflow

Gentoo: GLSA 200808-12 High: Postfix Local Escalation Threat

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!