LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 22nd, 2014
Linux Advisory Watch: September 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Subject: [Security Announce] [ MDVSA-2008:190 ] postfix Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6, where a local user could cause a denial of service due to Postfix leaking the epoll file descriptor when executing non-Postfix commands (CVE-2008-3889). The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:190
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : postfix
 Date    : September 10, 2008
 Affected: 2008.0, 2008.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability in Postfix 2.4 and later was discovered, when
 running on Linux kernel 2.6, where a local user could cause a denial
 of service due to Postfix leaking the epoll file descriptor when
 executing non-Postfix commands (CVE-2008-3889).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
 http://www.postfix.org/announcements/20080902.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 c0bf5d528d5d41dcd2d20ebdb34d0cda  2008.0/i586/libpostfix1-2.4.5-2.2mdv2008.0.i586.rpm
 fa944c0d7f0cbea926f535d510bf55d1  2008.0/i586/postfix-2.4.5-2.2mdv2008.0.i586.rpm
 198798461aa8d36de69167dabf12e753  2008.0/i586/postfix-ldap-2.4.5-2.2mdv2008.0.i586.rpm
 58655741a221fa54a33566568f3b4b82  2008.0/i586/postfix-mysql-2.4.5-2.2mdv2008.0.i586.rpm
 a38a78d39fe49cfa5dd71ee4f5a8a2bd  2008.0/i586/postfix-pcre-2.4.5-2.2mdv2008.0.i586.rpm
 6d26bd16aaab2333dc84a86b0595b31d  2008.0/i586/postfix-pgsql-2.4.5-2.2mdv2008.0.i586.rpm 
 da3f4b0d105461a2c0cc9d0ffdb8afbc  2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 028de47e6f9dd2a18be1afbfbfcc7b35  2008.0/x86_64/lib64postfix1-2.4.5-2.2mdv2008.0.x86_64.rpm
 4e790bb1f1cb14e0eb008e8188c7d7f3  2008.0/x86_64/postfix-2.4.5-2.2mdv2008.0.x86_64.rpm
 a843dc0ab9e22c27f1a83d3dd01139fd  2008.0/x86_64/postfix-ldap-2.4.5-2.2mdv2008.0.x86_64.rpm
 9e50dfda594b6e6c270d001f5c020086  2008.0/x86_64/postfix-mysql-2.4.5-2.2mdv2008.0.x86_64.rpm
 b27f29aa607246fa343244e783080dce  2008.0/x86_64/postfix-pcre-2.4.5-2.2mdv2008.0.x86_64.rpm
 90992c9e66cbfa61adcc8f25af56bad0  2008.0/x86_64/postfix-pgsql-2.4.5-2.2mdv2008.0.x86_64.rpm 
 da3f4b0d105461a2c0cc9d0ffdb8afbc  2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 f7e093f905a77ffff051dd1f1719e70c  2008.1/i586/libpostfix1-2.5.1-2.2mdv2008.1.i586.rpm
 17806bd3791473f79636f6e96aac3b16  2008.1/i586/postfix-2.5.1-2.2mdv2008.1.i586.rpm
 ccbd6e6f134329f298da2e73ee924624  2008.1/i586/postfix-ldap-2.5.1-2.2mdv2008.1.i586.rpm
 5e7501b1c226168794559a0c945c51ce  2008.1/i586/postfix-mysql-2.5.1-2.2mdv2008.1.i586.rpm
 44482a44ec46d379cc90ec71b8d3da40  2008.1/i586/postfix-pcre-2.5.1-2.2mdv2008.1.i586.rpm
 ed1ddf0451d015b1c85d09d438406c04  2008.1/i586/postfix-pgsql-2.5.1-2.2mdv2008.1.i586.rpm 
 d450d39e8073c6c9f1c9003f6189cf1a  2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 f9a52469d5700428f6a2c606d2846299  2008.1/x86_64/lib64postfix1-2.5.1-2.2mdv2008.1.x86_64.rpm
 5cb84c0ebe53a446efd208da355a9b4b  2008.1/x86_64/postfix-2.5.1-2.2mdv2008.1.x86_64.rpm
 cdc066f4ebcd87b1902d330129ff5a87  2008.1/x86_64/postfix-ldap-2.5.1-2.2mdv2008.1.x86_64.rpm
 4067143e300d124b20d7a24972c4ae22  2008.1/x86_64/postfix-mysql-2.5.1-2.2mdv2008.1.x86_64.rpm
 65a6a8c5206d7a9c45b12557896cba58  2008.1/x86_64/postfix-pcre-2.5.1-2.2mdv2008.1.x86_64.rpm
 b8d9b415787c02698fa29772942a2300  2008.1/x86_64/postfix-pgsql-2.5.1-2.2mdv2008.1.x86_64.rpm 
 d450d39e8073c6c9f1c9003f6189cf1a  2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Snowden: New Zealand Is Spying, Too
DDoS attackers turn fire on ISPs and gaming servers
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.