Red Hat Product Errata RHSA-2008:0839 - Security Advisory
Issued:
2008-08-14
Updated:
2008-08-14

RHSA-2008:0839 - Security Advisory

Synopsis

Moderate: postfix security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated postfix packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A flaw was found in the way Postfix dereferences symbolic links. If a local
user has write access to a mail spool directory with no root mailbox, it
may be possible for them to append arbitrary data to files that root has
write permission to. (CVE-2008-2936)

Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.

All users of postfix should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 456314 - CVE-2008-2936 postfix privilege escalation flaw

Red Hat Enterprise Linux Server 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
ia64
postfix-2.3.3-2.1.el5_2.ia64.rpm SHA-256: fc6c0c8c0c5579b1f15dbaa35c4983897c8beb05e67f9fc2c6a4504a7c194f1c
postfix-pflogsumm-2.3.3-2.1.el5_2.ia64.rpm SHA-256: c45d57e08ea63d7b505b6146b95dc860616d63d02b2a688a274138ad47f130ed
i386
postfix-2.3.3-2.1.el5_2.i386.rpm SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

Red Hat Enterprise Linux Server 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
ia64
postfix-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
ia64
postfix-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Workstation 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
i386
postfix-2.3.3-2.1.el5_2.i386.rpm SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

Red Hat Enterprise Linux Workstation 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
ia64
postfix-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
i386
postfix-2.3.3-2.1.el5_2.i386.rpm SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

Red Hat Enterprise Linux Desktop 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
s390x
postfix-2.3.3-2.1.el5_2.s390x.rpm SHA-256: 2c333162de25d50fb5b226b36dbfeb83c5ba9854c8646773137047d736a11501
postfix-pflogsumm-2.3.3-2.1.el5_2.s390x.rpm SHA-256: e137e62615d3d94bad34c884272b85ef09857de7caa4b20b98b201a849d12a33

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
s390x
postfix-2.2.10-1.2.1.el4_7.s390x.rpm SHA-256: c06ba754f876dc507b98b4600ec8c65ec2b843323129dae224d870cf74e21f7e
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm SHA-256: 5a4dcf661c28f9fde6335f0c73cb49e3cdd27c2066a12c60bfbb3d1b4da7b0a4
s390
postfix-2.2.10-1.2.1.el4_7.s390.rpm SHA-256: 4b3354f47c22dd6fe92a842d4f023827fe3ad2e2cc2a46748013dcf020898f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm SHA-256: 35aa6f32f8f0a946691f73940b83442ab3d93ad968934dd13127647eb0b4c641

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
s390x
postfix-2.2.10-1.2.1.el4_7.s390x.rpm SHA-256: c06ba754f876dc507b98b4600ec8c65ec2b843323129dae224d870cf74e21f7e
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm SHA-256: 5a4dcf661c28f9fde6335f0c73cb49e3cdd27c2066a12c60bfbb3d1b4da7b0a4
s390
postfix-2.2.10-1.2.1.el4_7.s390.rpm SHA-256: 4b3354f47c22dd6fe92a842d4f023827fe3ad2e2cc2a46748013dcf020898f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm SHA-256: 35aa6f32f8f0a946691f73940b83442ab3d93ad968934dd13127647eb0b4c641

Red Hat Enterprise Linux for Power, big endian 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
ppc
postfix-2.3.3-2.1.el5_2.ppc.rpm SHA-256: 576ebbe65f08d2f6730840d576a06842cc03a06a13d7c293cf0bb27b2d890676
postfix-pflogsumm-2.3.3-2.1.el5_2.ppc.rpm SHA-256: a4e82a2d180057d2f549f2a79c1989b6713cce2104ecd467f0e5e091d189c56d

Red Hat Enterprise Linux for Power, big endian 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
ppc
postfix-2.2.10-1.2.1.el4_7.ppc.rpm SHA-256: 5c7d83494e301ec4ca5c59809c5a3f90ba02278b7024384bfdf69d78f69b4bf5
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm SHA-256: aefab138699ccd0d2708616bc2ad41568120225dec74f2f6e807fededb0e962e

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
ppc
postfix-2.2.10-1.2.1.el4_7.ppc.rpm SHA-256: 5c7d83494e301ec4ca5c59809c5a3f90ba02278b7024384bfdf69d78f69b4bf5
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm SHA-256: aefab138699ccd0d2708616bc2ad41568120225dec74f2f6e807fededb0e962e

Red Hat Enterprise Linux Server from RHUI 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
i386
postfix-2.3.3-2.1.el5_2.i386.rpm SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.