RSSfeed
2008-08-19, 23:17
Referenced CVEs:
CVE-2008-2936
Description:
================================================== ========= Ubuntu Security Notice USN-636-1 August 19, 2008postfix vulnerabilityCVE-2008-2936============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Sebastian Krahmer discovered that Postfix was not correctly handlingmailbox ownership when dealing with Linux's implementation of hardlinkingto symlinks. In certain mail spool configurations, a local attackercould exploit this to append data to arbitrary files as the root user.The default Ubuntu configuration was not vulnerable.
Mer... (http://www.ubuntu.com/usn/usn-636-1)
CVE-2008-2936
Description:
================================================== ========= Ubuntu Security Notice USN-636-1 August 19, 2008postfix vulnerabilityCVE-2008-2936============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10Ubuntu 8.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Sebastian Krahmer discovered that Postfix was not correctly handlingmailbox ownership when dealing with Linux's implementation of hardlinkingto symlinks. In certain mail spool configurations, a local attackercould exploit this to append data to arbitrary files as the root user.The default Ubuntu configuration was not vulnerable.
Mer... (http://www.ubuntu.com/usn/usn-636-1)