Oval Definition: oval:com.redhat.rhsa:def:20080839
Revision Date: 2008-08-14
Version: 636
Title: RHSA-2008:0839: postfix security update (Moderate)
Description: Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS.

  • A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. (CVE-2008-2936)

    Red Hat would like to thank Sebastian Krahmer for responsibly disclosing this issue.

    All users of postfix should upgrade to these updated packages, which contain a backported patch that resolves this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2008-2936
    RHSA-2008:0839
    RHSA-2008:0839-01
    Platform(s): Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND postfix is earlier than 2:2.0.16-14.1.RHEL3
  • AND postfix is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • postfix-pflogsumm is earlier than 2:2.2.10-1.2.1.el4_7
  • AND postfix-pflogsumm is signed with Red Hat master key
  • postfix is earlier than 2:2.2.10-1.2.1.el4_7
  • AND postfix is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • postfix is earlier than 2:2.3.3-2.1.el5_2
  • AND postfix is signed with Red Hat redhatrelease key
  • postfix-pflogsumm is earlier than 2:2.3.3-2.1.el5_2
  • AND postfix-pflogsumm is signed with Red Hat redhatrelease key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • postfix is earlier than 2:2.2.10-1.2.1.el4_7
  • AND postfix is signed with Red Hat redhatrelease2 key
  • postfix-pflogsumm is earlier than 2:2.2.10-1.2.1.el4_7
  • AND postfix-pflogsumm is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • postfix is earlier than 2:2.3.3-2.1.el5_2
  • AND postfix is signed with Red Hat redhatrelease2 key
  • postfix-pflogsumm is earlier than 2:2.3.3-2.1.el5_2
  • AND postfix-pflogsumm is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND postfix is earlier than 2:2.0.16-14.1.RHEL3
  • AND postfix is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • postfix is earlier than 2:2.2.10-1.2.1.el4_7
  • AND postfix is signed with Red Hat master key
  • postfix-pflogsumm is earlier than 2:2.2.10-1.2.1.el4_7
  • AND postfix-pflogsumm is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • postfix is earlier than 2:2.3.3-2.1.el5_2
  • AND postfix is signed with Red Hat redhatrelease key
  • postfix-pflogsumm is earlier than 2:2.3.3-2.1.el5_2
  • AND postfix-pflogsumm is signed with Red Hat redhatrelease key