---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Debian update for postfix SECUNIA ADVISORY ID: SA31530 VERIFY ADVISORY: http://secunia.com/advisories/31530/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system REVISION: 2.0 originally posted 2008-08-19 OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ Debian GNU/Linux 4.0 http://secunia.com/product/13844/ DESCRIPTION: Debian has issued an update for postfix. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA31485 SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1.diff.gz Size/MD5 checksum: 187783 06817c1a9ac78db520c4a9856e1f606f http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8.orig.tar.gz Size/MD5 checksum: 2787761 a6c560657788fc7a5444fa9ea32f5513 http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1.dsc Size/MD5 checksum: 1201 67cfbe6d62f54b03248610decf23430c Architecture independent packages: http://security.debian.org/pool/updates/main/p/postfix/postfix-doc_2.3.8-2+etch1_all.deb Size/MD5 checksum: 784924 be2dfaabc9e4346fb211be9383c6b7b0 http://security.debian.org/pool/updates/main/p/postfix/postfix-dev_2.3.8-2+etch1_all.deb Size/MD5 checksum: 130964 ee83b6a25f458aa3fe785202db29763c amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_amd64.deb Size/MD5 checksum: 38398 7a1047488b79e2e02f624d11014eeecf http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_amd64.deb Size/MD5 checksum: 38426 a016eeaf7033d0ac5eb07b999f2e6af7 http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_amd64.deb Size/MD5 checksum: 36466 e0e5537af489daac95e2d74fdee07a6e http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_amd64.deb Size/MD5 checksum: 1148900 f631d16e8027a78c47ac6ab2c6503e56 http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_amd64.deb Size/MD5 checksum: 43348 1daae02f16464e366f2386e4b82de1d9 http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_amd64.deb Size/MD5 checksum: 38532 63a6da1adb632be43c7118e48ef6f5a6 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_hppa.deb Size/MD5 checksum: 45392 6d5ac13f7d0cd38c4568f5dce3b2de18 http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_hppa.deb Size/MD5 checksum: 39720 89ed20f277270f74b7b6f7e92bb5b2b1 http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_hppa.deb Size/MD5 checksum: 40194 8635fee29c0e8b661ea8cbd3bf6093e9 http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_hppa.deb Size/MD5 checksum: 1174188 fee76ba8167cdffacd22445eca7396b2 http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_hppa.deb Size/MD5 checksum: 37600 c3cddbeefe87b66277dccd6e2bd52f64 http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_hppa.deb Size/MD5 checksum: 39922 572e0d5c09d39a34373d8340c2326b2b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_i386.deb Size/MD5 checksum: 1090008 e38c0784774c29bb313b8b7d77719782 http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_i386.deb Size/MD5 checksum: 36596 88af7c1ebb9d6ef8ff1ae1fe82892ca5 http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_i386.deb Size/MD5 checksum: 38456 3fd5eb9b366ff22b4a8c46b621a216df http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_i386.deb Size/MD5 checksum: 38772 049c34f8a10e283505978c6be7255a7b http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_i386.deb Size/MD5 checksum: 38864 440cb71e2a26168a938896ff2af1adc2 http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_i386.deb Size/MD5 checksum: 43250 f5432050f81caf7e58f52cb48c22e7e1 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_ia64.deb Size/MD5 checksum: 47956 915c2fab14248e142187e5a613f274c9 http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_ia64.deb Size/MD5 checksum: 38050 4b9c7bda45177283e157153d43633e43 http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_ia64.deb Size/MD5 checksum: 40858 0cdb4f975d9a630f8df58c9cf124fbd1 http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_ia64.deb Size/MD5 checksum: 41164 f0a564de59c461d0e0b667848a18a3f5 http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_ia64.deb Size/MD5 checksum: 40856 3e9ad3317bf31270eaa686f84f7fb8bb http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_ia64.deb Size/MD5 checksum: 1439632 c341d7a699bbe6b13dc560e6f5b4cbbd powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_powerpc.deb Size/MD5 checksum: 44290 4c9c2a9c614643bfe983d13b6423d423 http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_powerpc.deb Size/MD5 checksum: 40060 4804a7f44b861b6dbeb1a7294709c5ed http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_powerpc.deb Size/MD5 checksum: 37822 11ba1ae93492801dc9de16b6130288d1 http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_powerpc.deb Size/MD5 checksum: 1167796 7a24c4ea8588e62178a5d2a1c4817f85 http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_powerpc.deb Size/MD5 checksum: 39902 363e664c54605ee838c6cf0c8fd9f790 http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_powerpc.deb Size/MD5 checksum: 39758 a33b97afba4cfe193884cdf4a3543e03 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_s390.deb Size/MD5 checksum: 43392 1318549e29ce2585850562abb98b07f7 http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_s390.deb Size/MD5 checksum: 38836 a76263d1e6715aa1294307bf581b6424 http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_s390.deb Size/MD5 checksum: 38454 00b3e98eb57590201dfe4d8775ce298b http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_s390.deb Size/MD5 checksum: 39010 2d3a02a0e7c7a8ddbe9d0619fe4f8c7d http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_s390.deb Size/MD5 checksum: 36654 82b473e570eff711781cc384e86636e2 http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_s390.deb Size/MD5 checksum: 1154442 64bf33d9dc4f14badb1c6397a74713f4 -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.5.4-1. CHANGELOG: 2008-08-19: Updated "Solution" section due to a version numbering problem. Added link to updated Debian advisory to "Original Advisory" section. ORIGINAL ADVISORY: http://lists.debian.org/debian-security-announce/2008/msg00214.html http://lists.debian.org/debian-security-announce/2008/msg00215.html OTHER REFERENCES: SA31485: http://secunia.com/advisories/31485/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------