Login
Newsletter
Werbung

Sicherheit: Denial of Service in postfix
Aktuelle Meldungen Distributionen
Name: Denial of Service in postfix
ID: MDVSA-2008:190
Distribution: Mandriva
Plattformen: Mandriva 2008.0, Mandriva 2008.1
Datum: Mi, 10. September 2008, 20:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
http://www.postfix.org/announcements/20080902.html
Applikationen: Postfix

Originalnachricht

This is a multi-part message in MIME format...

------------=_1221072640-11275-9025


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:190
http://www.mandriva.com/security/
_______________________________________________________________________

Package : postfix
Date : September 10, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

A vulnerability in Postfix 2.4 and later was discovered, when
running on Linux kernel 2.6, where a local user could cause a denial
of service due to Postfix leaking the epoll file descriptor when
executing non-Postfix commands (CVE-2008-3889).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
http://www.postfix.org/announcements/20080902.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
c0bf5d528d5d41dcd2d20ebdb34d0cda
2008.0/i586/libpostfix1-2.4.5-2.2mdv2008.0.i586.rpm
fa944c0d7f0cbea926f535d510bf55d1
2008.0/i586/postfix-2.4.5-2.2mdv2008.0.i586.rpm
198798461aa8d36de69167dabf12e753
2008.0/i586/postfix-ldap-2.4.5-2.2mdv2008.0.i586.rpm
58655741a221fa54a33566568f3b4b82
2008.0/i586/postfix-mysql-2.4.5-2.2mdv2008.0.i586.rpm
a38a78d39fe49cfa5dd71ee4f5a8a2bd
2008.0/i586/postfix-pcre-2.4.5-2.2mdv2008.0.i586.rpm
6d26bd16aaab2333dc84a86b0595b31d
2008.0/i586/postfix-pgsql-2.4.5-2.2mdv2008.0.i586.rpm
da3f4b0d105461a2c0cc9d0ffdb8afbc
2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
028de47e6f9dd2a18be1afbfbfcc7b35
2008.0/x86_64/lib64postfix1-2.4.5-2.2mdv2008.0.x86_64.rpm
4e790bb1f1cb14e0eb008e8188c7d7f3
2008.0/x86_64/postfix-2.4.5-2.2mdv2008.0.x86_64.rpm
a843dc0ab9e22c27f1a83d3dd01139fd
2008.0/x86_64/postfix-ldap-2.4.5-2.2mdv2008.0.x86_64.rpm
9e50dfda594b6e6c270d001f5c020086
2008.0/x86_64/postfix-mysql-2.4.5-2.2mdv2008.0.x86_64.rpm
b27f29aa607246fa343244e783080dce
2008.0/x86_64/postfix-pcre-2.4.5-2.2mdv2008.0.x86_64.rpm
90992c9e66cbfa61adcc8f25af56bad0
2008.0/x86_64/postfix-pgsql-2.4.5-2.2mdv2008.0.x86_64.rpm
da3f4b0d105461a2c0cc9d0ffdb8afbc
2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
f7e093f905a77ffff051dd1f1719e70c
2008.1/i586/libpostfix1-2.5.1-2.2mdv2008.1.i586.rpm
17806bd3791473f79636f6e96aac3b16
2008.1/i586/postfix-2.5.1-2.2mdv2008.1.i586.rpm
ccbd6e6f134329f298da2e73ee924624
2008.1/i586/postfix-ldap-2.5.1-2.2mdv2008.1.i586.rpm
5e7501b1c226168794559a0c945c51ce
2008.1/i586/postfix-mysql-2.5.1-2.2mdv2008.1.i586.rpm
44482a44ec46d379cc90ec71b8d3da40
2008.1/i586/postfix-pcre-2.5.1-2.2mdv2008.1.i586.rpm
ed1ddf0451d015b1c85d09d438406c04
2008.1/i586/postfix-pgsql-2.5.1-2.2mdv2008.1.i586.rpm
d450d39e8073c6c9f1c9003f6189cf1a
2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
f9a52469d5700428f6a2c606d2846299
2008.1/x86_64/lib64postfix1-2.5.1-2.2mdv2008.1.x86_64.rpm
5cb84c0ebe53a446efd208da355a9b4b
2008.1/x86_64/postfix-2.5.1-2.2mdv2008.1.x86_64.rpm
cdc066f4ebcd87b1902d330129ff5a87
2008.1/x86_64/postfix-ldap-2.5.1-2.2mdv2008.1.x86_64.rpm
4067143e300d124b20d7a24972c4ae22
2008.1/x86_64/postfix-mysql-2.5.1-2.2mdv2008.1.x86_64.rpm
65a6a8c5206d7a9c45b12557896cba58
2008.1/x86_64/postfix-pcre-2.5.1-2.2mdv2008.1.x86_64.rpm
b8d9b415787c02698fa29772942a2300
2008.1/x86_64/postfix-pgsql-2.5.1-2.2mdv2008.1.x86_64.rpm
d450d39e8073c6c9f1c9003f6189cf1a
2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIx+rLmqjQ0CJFipgRAuAOAJ9aBgcJBhECmuKoZUNfwNNc1jIuCwCfXO2S
zOSgJcz1VDJM8xHCoK3WQPM=
=Gg7G
-----END PGP SIGNATURE-----


------------=_1221072640-11275-9025
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1221072640-11275-9025--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung