Security Advisory Moderate: postfix security update

Advisory: RHSA-2008:0839-3
Type: Security Advisory
Severity: Moderate
Issued on: 2008-08-14
Last updated on: 2008-08-14
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux EUS (v. 5.2.z server)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2008-2936

Details

Updated postfix packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A flaw was found in the way Postfix dereferences symbolic links. If a local
user has write access to a mail spool directory with no root mailbox, it
may be possible for them to append arbitrary data to files that root has
write permission to. (CVE-2008-2936)
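
The conditions named above (a spool directory writable by non-root users, no root mailbox) can be checked on a host, along with any symbolic links sitting where mailboxes are expected. The script below is an added example, not part of the Red Hat advisory or the Postfix patch; it only reports those conditions. The default path /var/spool/mail and the function name audit_spool are assumptions.

```shell
#!/bin/sh
# Added example: audit a mail spool directory for the conditions the
# advisory names, plus symlinks in place of mailboxes.
# Assumption: the spool lives at /var/spool/mail unless a path is given.

audit_spool() {
    spool=${1:-/var/spool/mail}
    findings=0

    [ -d "$spool" ] || { echo "ERROR: $spool is not a directory"; return 2; }

    # 1. Write access for group or others on the spool directory.
    #    Mode string layout: type, owner rwx, group rwx, other rwx.
    perms=$(ls -ldL "$spool" | cut -c1-10)
    case $perms in
        ?????w????|????????w?)
            echo "WARN: $spool is writable by group or others ($perms)"
            findings=$((findings + 1)) ;;
    esac

    # 2. No root mailbox present (neither a file nor a link named root).
    if [ ! -e "$spool/root" ] && [ ! -L "$spool/root" ]; then
        echo "WARN: no root mailbox in $spool"
        findings=$((findings + 1))
    fi

    # 3. Symbolic links in the spool; a mailbox should be a regular file.
    for entry in "$spool"/* "$spool"/.[!.]*; do
        [ -L "$entry" ] || continue
        echo "WARN: symlink $entry -> $(readlink "$entry")"
        findings=$((findings + 1))
    done

    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Run directly as: sh audit_spool.sh /var/spool/mail
if [ "$#" -gt 0 ]; then audit_spool "$1"; fi
```

A non-zero exit status means at least one condition was reported; a finding is a reason to review the spool and confirm the updated package is installed, not evidence that the flaw was used.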

Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.

All users of postfix should upgrade to these updated packages, which
contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
postfix-2.0.16-14.1.RHEL3.src.rpm     MD5: 6a52529c823d04adaba7487df1c7d3d8
 
IA-32:
postfix-2.0.16-14.1.RHEL3.i386.rpm     MD5: 52da9bfaafeba3b53bbf2d26f67977b9
 
x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm     MD5: 1babde7a1b661e7ae986bbe1113d34de
 
Red Hat Desktop (v. 4)

SRPMS:
postfix-2.2.10-1.2.1.el4_7.src.rpm
File outdated by:  RHSA-2011:0843
    MD5: a4687bae6f5e6ae5970f49c119665b74
 
IA-32:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: fcb3fca080aea5d5a709654b9e07d874
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: 9dc81f8c9b8281c567dbcf050acf82cd
 
x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: a19c97cccc41ddb0c184d86a175bdb69
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: d675907ea8a57c16e2ccee342399b4a2
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
postfix-2.3.3-2.1.el5_2.src.rpm
File outdated by:  RHBA-2013:0054
    MD5: 43aec8f52490755eca151024c08ba355
 
IA-32:
postfix-2.3.3-2.1.el5_2.i386.rpm
File outdated by:  RHBA-2013:0054
    MD5: e4157dcd48728ba02cb24268247e4a12
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm
File outdated by:  RHBA-2013:0054
    MD5: 1883aba296eb4f56898f3de77be82461
 
IA-64:
postfix-2.3.3-2.1.el5_2.ia64.rpm
File outdated by:  RHBA-2013:0054
    MD5: 3e017d125b682850fa743f94490e4e84
postfix-pflogsumm-2.3.3-2.1.el5_2.ia64.rpm
File outdated by:  RHBA-2013:0054
    MD5: 85723d19ec825a70e804a5f137e721ae
 
PPC:
postfix-2.3.3-2.1.el5_2.ppc.rpm
File outdated by:  RHBA-2013:0054
    MD5: c48d78d3f510fb10339d17a4476d6eb3
postfix-pflogsumm-2.3.3-2.1.el5_2.ppc.rpm
File outdated by:  RHBA-2013:0054
    MD5: 0f95cce72c96a3cc7039118c130515b3
 
s390x:
postfix-2.3.3-2.1.el5_2.s390x.rpm
File outdated by:  RHBA-2013:0054
    MD5: 947ed724df3ac9647560e8e7933ccb26
postfix-pflogsumm-2.3.3-2.1.el5_2.s390x.rpm
File outdated by:  RHBA-2013:0054
    MD5: c2377777e616366cfe3b7c1db130dd27
 
x86_64:
postfix-2.3.3-2.1.el5_2.x86_64.rpm
File outdated by:  RHBA-2013:0054
    MD5: 57ead290f1df23a6a1a5229591ef20b0
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm
File outdated by:  RHBA-2013:0054
    MD5: d609e3952b76764fa557592216f8787c
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
postfix-2.0.16-14.1.RHEL3.src.rpm     MD5: 6a52529c823d04adaba7487df1c7d3d8
 
IA-32:
postfix-2.0.16-14.1.RHEL3.i386.rpm     MD5: 52da9bfaafeba3b53bbf2d26f67977b9
 
IA-64:
postfix-2.0.16-14.1.RHEL3.ia64.rpm     MD5: d822f204b1605f83613ecf650fadb5ff
 
PPC:
postfix-2.0.16-14.1.RHEL3.ppc.rpm     MD5: 3309e60e6f7028225a01dbc4f110391c
 
s390:
postfix-2.0.16-14.1.RHEL3.s390.rpm     MD5: e1771eb526116d10c69c921ec2df7133
 
s390x:
postfix-2.0.16-14.1.RHEL3.s390x.rpm     MD5: 5ab3d2dc9a8293fa8886a900a92e1a8e
 
x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm     MD5: 1babde7a1b661e7ae986bbe1113d34de
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
postfix-2.2.10-1.2.1.el4_7.src.rpm
File outdated by:  RHSA-2011:0843
    MD5: a4687bae6f5e6ae5970f49c119665b74
 
IA-32:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: fcb3fca080aea5d5a709654b9e07d874
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: 9dc81f8c9b8281c567dbcf050acf82cd
 
IA-64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm
File outdated by:  RHSA-2011:0843
    MD5: 47a8c6ec1c15b5c7995ad6090c2ba5ca
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm
File outdated by:  RHSA-2011:0843
    MD5: 7baa93d940d40fd4d37b8cefbf211eba
 
PPC:
postfix-2.2.10-1.2.1.el4_7.ppc.rpm
File outdated by:  RHSA-2011:0843
    MD5: 1bfd6213d7ceb3b050405dfc7823d81c
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm
File outdated by:  RHSA-2011:0843
    MD5: 2bc3b1cf285c266eaf285ca3d3d6ab05
 
s390:
postfix-2.2.10-1.2.1.el4_7.s390.rpm
File outdated by:  RHSA-2011:0843
    MD5: 9258e21b9d0dc2c6652c882de031593f
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm
File outdated by:  RHSA-2011:0843
    MD5: 37a6694dc869d8bc04a51a900e58a549
 
s390x:
postfix-2.2.10-1.2.1.el4_7.s390x.rpm
File outdated by:  RHSA-2011:0843
    MD5: e77719ad9cb9daf0543456e8e1f83999
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm
File outdated by:  RHSA-2011:0843
    MD5: 0e3361ba18313ac6b04a529166578a7a
 
x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: a19c97cccc41ddb0c184d86a175bdb69
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: d675907ea8a57c16e2ccee342399b4a2
 
Red Hat Enterprise Linux AS (v. 4.7.z)

SRPMS:
postfix-2.2.10-1.2.1.el4_7.src.rpm
File outdated by:  RHSA-2011:0843
    MD5: a4687bae6f5e6ae5970f49c119665b74
 
IA-32:
postfix-2.2.10-1.2.1.el4_7.i386.rpm     MD5: fcb3fca080aea5d5a709654b9e07d874
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm     MD5: 9dc81f8c9b8281c567dbcf050acf82cd
 
IA-64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm     MD5: 47a8c6ec1c15b5c7995ad6090c2ba5ca
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm     MD5: 7baa93d940d40fd4d37b8cefbf211eba
 
PPC:
postfix-2.2.10-1.2.1.el4_7.ppc.rpm     MD5: 1bfd6213d7ceb3b050405dfc7823d81c
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm     MD5: 2bc3b1cf285c266eaf285ca3d3d6ab05
 
s390:
postfix-2.2.10-1.2.1.el4_7.s390.rpm     MD5: 9258e21b9d0dc2c6652c882de031593f
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm     MD5: 37a6694dc869d8bc04a51a900e58a549
 
s390x:
postfix-2.2.10-1.2.1.el4_7.s390x.rpm     MD5: e77719ad9cb9daf0543456e8e1f83999
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm     MD5: 0e3361ba18313ac6b04a529166578a7a
 
x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm     MD5: a19c97cccc41ddb0c184d86a175bdb69
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm     MD5: d675907ea8a57c16e2ccee342399b4a2
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
postfix-2.3.3-2.1.el5_2.src.rpm
File outdated by:  RHBA-2013:0054
    MD5: 43aec8f52490755eca151024c08ba355
 
IA-32:
postfix-2.3.3-2.1.el5_2.i386.rpm
File outdated by:  RHBA-2013:0054
    MD5: e4157dcd48728ba02cb24268247e4a12
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm
File outdated by:  RHBA-2013:0054
    MD5: 1883aba296eb4f56898f3de77be82461
 
x86_64:
postfix-2.3.3-2.1.el5_2.x86_64.rpm
File outdated by:  RHBA-2013:0054
    MD5: 57ead290f1df23a6a1a5229591ef20b0
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm
File outdated by:  RHBA-2013:0054
    MD5: d609e3952b76764fa557592216f8787c
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
postfix-2.0.16-14.1.RHEL3.src.rpm     MD5: 6a52529c823d04adaba7487df1c7d3d8
 
IA-32:
postfix-2.0.16-14.1.RHEL3.i386.rpm     MD5: 52da9bfaafeba3b53bbf2d26f67977b9
 
IA-64:
postfix-2.0.16-14.1.RHEL3.ia64.rpm     MD5: d822f204b1605f83613ecf650fadb5ff
 
x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm     MD5: 1babde7a1b661e7ae986bbe1113d34de
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
postfix-2.2.10-1.2.1.el4_7.src.rpm
File outdated by:  RHSA-2011:0843
    MD5: a4687bae6f5e6ae5970f49c119665b74
 
IA-32:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: fcb3fca080aea5d5a709654b9e07d874
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: 9dc81f8c9b8281c567dbcf050acf82cd
 
IA-64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm
File outdated by:  RHSA-2011:0843
    MD5: 47a8c6ec1c15b5c7995ad6090c2ba5ca
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm
File outdated by:  RHSA-2011:0843
    MD5: 7baa93d940d40fd4d37b8cefbf211eba
 
x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: a19c97cccc41ddb0c184d86a175bdb69
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: d675907ea8a57c16e2ccee342399b4a2
 
Red Hat Enterprise Linux ES (v. 4.7.z)

SRPMS:
postfix-2.2.10-1.2.1.el4_7.src.rpm
File outdated by:  RHSA-2011:0843
    MD5: a4687bae6f5e6ae5970f49c119665b74
 
IA-32:
postfix-2.2.10-1.2.1.el4_7.i386.rpm     MD5: fcb3fca080aea5d5a709654b9e07d874
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm     MD5: 9dc81f8c9b8281c567dbcf050acf82cd
 
IA-64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm     MD5: 47a8c6ec1c15b5c7995ad6090c2ba5ca
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm     MD5: 7baa93d940d40fd4d37b8cefbf211eba
 
x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm     MD5: a19c97cccc41ddb0c184d86a175bdb69
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm     MD5: d675907ea8a57c16e2ccee342399b4a2
 
Red Hat Enterprise Linux EUS (v. 5.2.z server)

SRPMS:
postfix-2.3.3-2.1.el5_2.src.rpm
File outdated by:  RHBA-2013:0054
    MD5: 43aec8f52490755eca151024c08ba355
 
IA-32:
postfix-2.3.3-2.1.el5_2.i386.rpm     MD5: e4157dcd48728ba02cb24268247e4a12
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm     MD5: 1883aba296eb4f56898f3de77be82461
 
IA-64:
postfix-2.3.3-2.1.el5_2.ia64.rpm     MD5: 3e017d125b682850fa743f94490e4e84
postfix-pflogsumm-2.3.3-2.1.el5_2.ia64.rpm     MD5: 85723d19ec825a70e804a5f137e721ae
 
PPC:
postfix-2.3.3-2.1.el5_2.ppc.rpm     MD5: c48d78d3f510fb10339d17a4476d6eb3
postfix-pflogsumm-2.3.3-2.1.el5_2.ppc.rpm     MD5: 0f95cce72c96a3cc7039118c130515b3
 
s390x:
postfix-2.3.3-2.1.el5_2.s390x.rpm     MD5: 947ed724df3ac9647560e8e7933ccb26
postfix-pflogsumm-2.3.3-2.1.el5_2.s390x.rpm     MD5: c2377777e616366cfe3b7c1db130dd27
 
x86_64:
postfix-2.3.3-2.1.el5_2.x86_64.rpm     MD5: 57ead290f1df23a6a1a5229591ef20b0
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm     MD5: d609e3952b76764fa557592216f8787c
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
postfix-2.0.16-14.1.RHEL3.src.rpm     MD5: 6a52529c823d04adaba7487df1c7d3d8
 
IA-32:
postfix-2.0.16-14.1.RHEL3.i386.rpm     MD5: 52da9bfaafeba3b53bbf2d26f67977b9
 
IA-64:
postfix-2.0.16-14.1.RHEL3.ia64.rpm     MD5: d822f204b1605f83613ecf650fadb5ff
 
x86_64:
postfix-2.0.16-14.1.RHEL3.x86_64.rpm     MD5: 1babde7a1b661e7ae986bbe1113d34de
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
postfix-2.2.10-1.2.1.el4_7.src.rpm
File outdated by:  RHSA-2011:0843
    MD5: a4687bae6f5e6ae5970f49c119665b74
 
IA-32:
postfix-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: fcb3fca080aea5d5a709654b9e07d874
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm
File outdated by:  RHSA-2011:0843
    MD5: 9dc81f8c9b8281c567dbcf050acf82cd
 
IA-64:
postfix-2.2.10-1.2.1.el4_7.ia64.rpm
File outdated by:  RHSA-2011:0843
    MD5: 47a8c6ec1c15b5c7995ad6090c2ba5ca
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm
File outdated by:  RHSA-2011:0843
    MD5: 7baa93d940d40fd4d37b8cefbf211eba
 
x86_64:
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: a19c97cccc41ddb0c184d86a175bdb69
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm
File outdated by:  RHSA-2011:0843
    MD5: d675907ea8a57c16e2ccee342399b4a2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

456314 - CVE-2008-2936 postfix privilege escalation flaw


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/