RHSA-2008:0839 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: postfix security update

Type/Severity

Security Advisory: Moderate

Topic

Updated postfix packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A flaw was found in the way Postfix dereferences symbolic links. If a local
user has write access to a mail spool directory with no root mailbox, it
may be possible for them to append arbitrary data to files that root has
write permission to. (CVE-2008-2936)

Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.

All users of postfix should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.2 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.2 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.2 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 456314 - CVE-2008-2936 postfix privilege escalation flaw

CVEs

CVE-2008-2936

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm	SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
ia64
postfix-2.3.3-2.1.el5_2.ia64.rpm	SHA-256: fc6c0c8c0c5579b1f15dbaa35c4983897c8beb05e67f9fc2c6a4504a7c194f1c
postfix-pflogsumm-2.3.3-2.1.el5_2.ia64.rpm	SHA-256: c45d57e08ea63d7b505b6146b95dc860616d63d02b2a688a274138ad47f130ed
i386
postfix-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

Red Hat Enterprise Linux Server 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
ia64
postfix-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
ia64
postfix-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Workstation 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm	SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
i386
postfix-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

Red Hat Enterprise Linux Workstation 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
ia64
postfix-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: a63675d4d78099375d040d43f7e6a93aeb02fce8725a60bf6a5d80f39ecbb186
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ia64.rpm	SHA-256: 5d9b06ba25c79221a0dd6e3cf5b4eda7bbb0d46d944a7a998c20cfab922bf60d
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux Desktop 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm	SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
i386
postfix-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

Red Hat Enterprise Linux Desktop 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
x86_64
postfix-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: 2360233ddbcfa6a719917f58384c198746d8f1cc590495fd75a965275d299f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm	SHA-256: bd18950537c5572d980c4c1224767e4ab062c56775c459c61bdec65454fa6822
i386
postfix-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: b02656ad360fb04f82cec6646dea963a5ead87efc1778ecc1f8790f54be73a85
postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm	SHA-256: 04369e9a6a51318c62de79f9dee389ac1268d12d0df968c6daffc08c5e4dacde

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm	SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
s390x
postfix-2.3.3-2.1.el5_2.s390x.rpm	SHA-256: 2c333162de25d50fb5b226b36dbfeb83c5ba9854c8646773137047d736a11501
postfix-pflogsumm-2.3.3-2.1.el5_2.s390x.rpm	SHA-256: e137e62615d3d94bad34c884272b85ef09857de7caa4b20b98b201a849d12a33

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
s390x
postfix-2.2.10-1.2.1.el4_7.s390x.rpm	SHA-256: c06ba754f876dc507b98b4600ec8c65ec2b843323129dae224d870cf74e21f7e
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm	SHA-256: 5a4dcf661c28f9fde6335f0c73cb49e3cdd27c2066a12c60bfbb3d1b4da7b0a4
s390
postfix-2.2.10-1.2.1.el4_7.s390.rpm	SHA-256: 4b3354f47c22dd6fe92a842d4f023827fe3ad2e2cc2a46748013dcf020898f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm	SHA-256: 35aa6f32f8f0a946691f73940b83442ab3d93ad968934dd13127647eb0b4c641

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
s390x
postfix-2.2.10-1.2.1.el4_7.s390x.rpm	SHA-256: c06ba754f876dc507b98b4600ec8c65ec2b843323129dae224d870cf74e21f7e
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390x.rpm	SHA-256: 5a4dcf661c28f9fde6335f0c73cb49e3cdd27c2066a12c60bfbb3d1b4da7b0a4
s390
postfix-2.2.10-1.2.1.el4_7.s390.rpm	SHA-256: 4b3354f47c22dd6fe92a842d4f023827fe3ad2e2cc2a46748013dcf020898f12
postfix-pflogsumm-2.2.10-1.2.1.el4_7.s390.rpm	SHA-256: 35aa6f32f8f0a946691f73940b83442ab3d93ad968934dd13127647eb0b4c641

Red Hat Enterprise Linux for Power, big endian 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm	SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
ppc
postfix-2.3.3-2.1.el5_2.ppc.rpm	SHA-256: 576ebbe65f08d2f6730840d576a06842cc03a06a13d7c293cf0bb27b2d890676
postfix-pflogsumm-2.3.3-2.1.el5_2.ppc.rpm	SHA-256: a4e82a2d180057d2f549f2a79c1989b6713cce2104ecd467f0e5e091d189c56d

Red Hat Enterprise Linux for Power, big endian 4

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
ppc
postfix-2.2.10-1.2.1.el4_7.ppc.rpm	SHA-256: 5c7d83494e301ec4ca5c59809c5a3f90ba02278b7024384bfdf69d78f69b4bf5
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm	SHA-256: aefab138699ccd0d2708616bc2ad41568120225dec74f2f6e807fededb0e962e

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
postfix-2.2.10-1.2.1.el4_7.src.rpm	SHA-256: 16edfbde0da5be6979f8c92d2f01c381864e5d5f1b3d513dd837a4512f058425
ppc
postfix-2.2.10-1.2.1.el4_7.ppc.rpm	SHA-256: 5c7d83494e301ec4ca5c59809c5a3f90ba02278b7024384bfdf69d78f69b4bf5
postfix-pflogsumm-2.2.10-1.2.1.el4_7.ppc.rpm	SHA-256: aefab138699ccd0d2708616bc2ad41568120225dec74f2f6e807fededb0e962e

Red Hat Enterprise Linux Server from RHUI 5

SRPM
postfix-2.3.3-2.1.el5_2.src.rpm	SHA-256: 5852d0a2429ad7aed57ec4caba5b2b1bbe7a00cbf970dd507ff994083bb7a5bd
x86_64
postfix-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: 8126082b34ed6d3df99aec1c042d5a4b3472b38824b6324f525e62f48313b589
postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm	SHA-256: aa44b8c8849a3fe80cb33f30548324b65ac2b4766e74b5089d2fa7412e38878b
i386
postfix-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 4f2e9f2c5b7e171b18aa8c526cd9ffe08bf70b9822eb00aee7f37b1ae07578f4
postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm	SHA-256: 68c8c6da73e0bd0556cc23d456c2379ac7343fba19d33a7539ab0b39501d9048

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.