===========================================================
Ubuntu Security Notice USN-636-1 August 19, 2008
postfix vulnerability
CVE-2008-2936
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postfix 2.2.10-1ubuntu0.2
Ubuntu 7.04:
postfix 2.3.8-2ubuntu0.2
Ubuntu 7.10:
postfix 2.4.5-3ubuntu1.2
Ubuntu 8.04 LTS:
postfix 2.5.1-2ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Sebastian Krahmer discovered that Postfix was not correctly handling
mailbox ownership when dealing with Linux's implementation of hardlinking
to symlinks. In certain mail spool configurations, a local attacker
could exploit this to append data to arbitrary files as the root user.
The default Ubuntu configuration was not vulnerable.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 158790 ebe05497d5747e14d9ba4218319b419a
Size/MD5: 939 911d13d0db9a6e56791740268791a454
Size/MD5: 2443513 440a4702182a79ac2f51e8974fb742c9
Architecture independent packages:
Size/MD5: 111048 385991b70757c4c554e6d5ef4563506e
Size/MD5: 665876 f1f70b1f87fb87223caefb4d5de3cd30
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 40662 84cbe555f64ff26871444be2dd719bea
Size/MD5: 35888 89e57a726891c70c0d35bb92f05ccbdc
Size/MD5: 35496 dbdb17cfa31cf860034dbf92a178ee70
Size/MD5: 35708 9f72eb8e960caa465a374e5943e1f70d
Size/MD5: 1002408 22ba89119fa409b16f8b8913ea965b36
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 39604 9b00783a631a0fca37e77256224b76f1
Size/MD5: 35442 a1a84bce2079bae3799ba9822e7cf450
Size/MD5: 34892 13856c3b6e3eb048ae0765d2fffd5f86
Size/MD5: 35258 fb49f0c2be6704b4fe30aac746b9acfd
Size/MD5: 923432 2679d51bbdb5fb28e0e2748e74225a19
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 41318 bc0b0472688c94e197d44560d3400620
Size/MD5: 37304 a6d1cd58415eec2b23b9b7cf9799a791
Size/MD5: 36864 24ad41aa3d4b49035ab8a6e5fe0bb98a
Size/MD5: 37144 8e49b1fdd458340becfacdd975855375
Size/MD5: 1022534 fafd2baec74d3543c74bf30956685635
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 40200 846923c4c1d784114dd827d98497efb2
Size/MD5: 35640 ecf1c95cf92ee12f7d74a1239c564ce7
Size/MD5: 35070 4dcd50d6119077932ec6d124100eba0e
Size/MD5: 35536 dc2c3279be224e9300a5e615f96d54b3
Size/MD5: 936736 d935e6f4a43d439606061732f9206ad3
Updated packages for Ubuntu 7.04:
Source archives:
Size/MD5: 179040 20b66629425a363224f7dacb2719bbc6
Size/MD5: 1045 2e5442d80de5b1db62f126c93bfc71de
Size/MD5: 2787761 a6c560657788fc7a5444fa9ea32f5513
Architecture independent packages:
Size/MD5: 127836 3b462fec112994ed01a2c29a29d0430f
Size/MD5: 765926 df5c11fb2547e7cddec34f1b46d61805
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 36536 470e1c4c5b1a8c0fff01f74f3847f74c
Size/MD5: 43404 244e0c5f182913684b3e5a263f3eec3c
Size/MD5: 38450 1075d9af7fc0758a54619b7323c08382
Size/MD5: 38496 5abd4dafc463ab3504da1e39d97fa4a5
Size/MD5: 38560 8705afde3e81b3094219e0cdbccdc497
Size/MD5: 1160330 43c90381ea4ddb9aa43ce4838bc4b007
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 36298 5d6e4b00fa9ef65e2a11e8b20f2fe429
Size/MD5: 42708 4170e198093e0edc3efb1531cba3ea5a
Size/MD5: 38182 5c98fde9094e94c3cbcfec62f54fa1cc
Size/MD5: 38010 b8b6b419f7e6365a077819f72d1501f5
Size/MD5: 38248 29f8c55f295b2dd6add0d3ab367dd6c1
Size/MD5: 1091798 1dc93d7fb2117cb51b3b8ee942609cd8
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 38660 9bc4a72da708ce310d24260aba619b55
Size/MD5: 45304 cef467b7bdcada7b2f7c3c0882a1360e
Size/MD5: 40746 a762f5454e0bf8951f3d141ca1cfd97c
Size/MD5: 40508 18fa95520c350f37637bc76057f3e423
Size/MD5: 40872 7d6fd4580df097f69ac43a7725e9358d
Size/MD5: 1250290 254af1263b8ab4e73c85505197b7d5eb
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 36246 169219f5e401310e3cd11835e5db44be
Size/MD5: 43034 982a9da17823e7f7db0ead4e6b4fa2c6
Size/MD5: 38152 6d88f08012b527764dfe79c36905022d
Size/MD5: 38028 8df8f345574e6a6efeb90d5a1fe67be7
Size/MD5: 38282 8c8b38694a148be8ccd61200b1cb3f38
Size/MD5: 1109436 2e2b1c0edd99100dfeeb55133d2eae06
Updated packages for Ubuntu 7.10:
Source archives:
Size/MD5: 209826 4dc60005ca6e2c5f59e84648985c537f
Size/MD5: 1034 95363287774288965d6188725a089901
Size/MD5: 2934634 ceba0cde05d12baa0ba2ed69fbb96b42
Architecture independent packages:
Size/MD5: 131508 ea4adb1f2dccb38324d0cd397f54a3df
Size/MD5: 805910 aa004a8258cf394cac1ffc321528082e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 38110 86eda497ee4fd42c1e21d3774d8b5a0b
Size/MD5: 45242 64103ee95852c5e2b500ee95f3142da6
Size/MD5: 40054 399b36a2522047e890a2bd88f0f57a58
Size/MD5: 40102 ff9995b801687774960da61d100f3064
Size/MD5: 40150 593e04136d69d2bb7beb681384bf925b
Size/MD5: 1188168 d8e47c5cb0e9d73e18072366832349fb
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 37886 44fc0bc073524d741b59eccc3db9450b
Size/MD5: 44584 47181a92153fa4f0fea74a3ccca842ce
Size/MD5: 39726 5fdecc93373f6a181e416f98f902c61e
Size/MD5: 39568 1b7a5b1230c5adbb7d5ee0fab5c4c07b
Size/MD5: 39810 7fc771389f9ee3460703fc6a320b1c90
Size/MD5: 1118918 d345dda9af37e3ad0d9ff5497c7cdc32
lpia architecture (Low Power Intel Architecture):
Size/MD5: 37858 0876387abbbd1c60bf67951e4108e85b
Size/MD5: 44332 294c1a503a142ebfce9d62e1b236293e
Size/MD5: 39738 c7235b9a994e0f3ff54c51434fed7ef5
Size/MD5: 39464 2034676f32410c3dd8a2b5a3e223dfa0
Size/MD5: 39806 7d81a4e723d462a8a4346476a331f564
Size/MD5: 1109680 0186655c7e92dd3bac61116f5f09ced4
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 40254 e3b6e4041bedb336913a65c2f420ffd9
Size/MD5: 47190 2074d9bbedca312724d4330b431476cd
Size/MD5: 42312 e6ff8a5f41167ac1c16133d29a8428f6
Size/MD5: 42104 51e65af71c5ecca825921527f5dfcb1f
Size/MD5: 42442 217cb5ffd89dcaac4f4706761d33ff5b
Size/MD5: 1282068 71b40f40f51f364a8f19cec47dcb8b16
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 37894 4e72739c8d7f7d22a277f47830907aab
Size/MD5: 45020 348924b4bdf4c5bb3e1432f90128c41a
Size/MD5: 39740 0e5260cee5a41c95538505545e8930b6
Size/MD5: 39716 c46dbfe1ae7b6998a4f979deb6d38efb
Size/MD5: 39944 727078d9e7c887b5c40dd0c41fae494b
Size/MD5: 1138246 7cc8d09dbf3f00fa3a794b9b153d323b
Updated packages for Ubuntu 8.04 LTS:
Source archives:
Size/MD5: 213794 7b4334bd696a7ad8040adc1e161b0728
Size/MD5: 1074 87a5e2cc9c84e355e6cfc87479558ef9
Size/MD5: 3153629 95a559c509081fdd07d78eafd4f4c3b4
Architecture independent packages:
Size/MD5: 136926 5e2342815225dde97e599b795869c440
Size/MD5: 892342 29bf7b8216b1bc764733368d9dc89757
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 40198 78ddaa1e204dca1ea2c3f6c1843e2c0a
Size/MD5: 47576 604b3d115e16b92d1eb4dd59fad03153
Size/MD5: 42092 45b3697d79eb2d6cbba5d8e365d9d64e
Size/MD5: 42066 1fb6f543973b63510aad129964fa0256
Size/MD5: 42198 c3ed9184ce3c2774c6d04f1f7ff0bbdc
Size/MD5: 1229540 17e12578544c3967a5ab9ab6fda8cadb
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 39938 20a8ee462f522033a866d2ee633fd196
Size/MD5: 46836 3ab3f65fc6bb99c6f1bc16d841e32b15
Size/MD5: 41858 69a5f3580b0593d9cd17e0a9b5aa1dd1
Size/MD5: 41660 d505de7f65b1dbdff7c21ea0bdbd23fa
Size/MD5: 41928 176dc2c77c96ed0bb12b205acb41e3dd
Size/MD5: 1160294 b84b067af6de626db8ccdf2194e2bf18
lpia architecture (Low Power Intel Architecture):
Size/MD5: 39916 04fd7aa3d769c46bda43426e5b44d75d
Size/MD5: 46904 82e6ed37ae4b1a84dd3c1c32d45ccd1d
Size/MD5: 41842 2c6dff73aa998744ed7f0ce1504849d4
Size/MD5: 41566 31fc26942c5640325cf935042697c153
Size/MD5: 41910 3d571259272f296e535dc6036f44519b
Size/MD5: 1156792 d4431f19c2be4b04ca630a77d5168daf
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 42278 7464c74db433abd32dbeaec05ee670a1
Size/MD5: 49566 973b8fc257dc4d229341eb378ac45562
Size/MD5: 44402 956e887f9e3474185f8c3bcab69aa864
Size/MD5: 44184 4bd5a4630e414a17aa782acad9ae0cb9
Size/MD5: 44538 9fbb5e83b895e279a9cea01bbf2aa7dd
Size/MD5: 1327794 070e9cade92d85939b9a1d2f19b04df4
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 39872 1e9c43283f2fc12f33169913f0f13345
Size/MD5: 47068 934a7df55a9c4cde1a08050272784d24
Size/MD5: 41742 67fdde3f8bb0dd7d7f2e18bd56e5f796
Size/MD5: 41770 d984d9d79311dfd294e4e0e19ac3a512
Size/MD5: 41950 46d7589c5a83a3b94f138c01c1f2d8a6
Size/MD5: 1175744 75fccac6b0b901bb0c603b4725236318
--x+WOirvrtTKur1pg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook
iEYEARECAAYFAkirRP8ACgkQH/9LqRcGPm1OugCfXZmZTHHZFa41q/YWYCBtbVQj
2QcAnj7pfbqh0TtaTywTP1SVeaJ+dv3M
=Z34u
-----END PGP SIGNATURE-------x+WOirvrtTKur1pg--
--==============g36539280117892512=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--==============g36539280117892512==--
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.