Turbolinux Security Announcement - postfix Rocal privilege escalation (20/Aug/2008)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
============================================================
Turbolinux Security Announcement 20/Aug/2008
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) postfix -> Rocal privilege escalation
===========================================================
* postfix -> Rocal privilege escalation
===========================================================
Summary: Rocal privilege escalation
More information:
Postfix is a Mail Transport Agent (MTA).
The Postfix MTA contains a local privilege escalation vulnerability.(VU#938323)
Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages
Size: MD5
postfix-2.4.5-9.src.rpm
3011812 58b3b493c67c09b2c8a5bfba6c9e403f
Binary Packages
Size: MD5
postfix-2.4.5-9.x86_64.rpm
3979376 dfa758cb49d8cc9ec4350869c851895e
postfix-pflogsumm-2.4.5-9.x86_64.rpm
45887 74346f2b474bc796dcae3bc8e905150a
<Turbolinux Appliance Server 3.0>
Source Packages
Size: MD5
postfix-2.4.5-9.src.rpm
3011812 58b3b493c67c09b2c8a5bfba6c9e403f
Binary Packages
Size: MD5
postfix-2.4.5-9.i686.rpm
3524747 d5a99d5555928d8531bf71f03df14e75
postfix-pflogsumm-2.4.5-9.i686.rpm
45899 8ced0b46d7cb23a28241aed6f4fd16b0
<Turbolinux 11 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/post
fix-2.4.5-9.src.rpm
3011812 58b3b493c67c09b2c8a5bfba6c9e403f
Binary Packages
Size: MD5
postfix-2.4.5-9.x86_64.rpm
3979376 dfa758cb49d8cc9ec4350869c851895e
postfix-pflogsumm-2.4.5-9.x86_64.rpm
45887 74346f2b474bc796dcae3bc8e905150a
<Turbolinux 11 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/pos
tfix-2.4.5-9.src.rpm
3011812 58b3b493c67c09b2c8a5bfba6c9e403f
Binary Packages
Size: MD5
postfix-2.4.5-9.i686.rpm
3524747 d5a99d5555928d8531bf71f03df14e75
postfix-pflogsumm-2.4.5-9.i686.rpm
45899 8ced0b46d7cb23a28241aed6f4fd16b0
<Turbolinux FUJI>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/po
stfix-2.2.5-3.src.rpm
2454729 fcf8d4c12988242eec74fca0b7f8f48a
Binary Packages
Size: MD5
postfix-2.2.5-3.i686.rpm
3076799 9394f0c488c1b5b0ea431a2a0d48d02e
<Turbolinux 10 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/post
fix-2.1.4-12.src.rpm
2237432 4eeba8d881208aa45906abdf6cb63712
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postf
ix-2.1.4-12.x86_64.rpm
2105942 3b34adec11ecec7ed04bb29a261009bc
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postf
ix-debug-2.1.4-12.x86_64.rpm
6109062 e201a4ccb87006aa177456eaef36fc23
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/pos
tfix-2.1.4-12.src.rpm
2237432 106a38350fe633c15ff4c66ebca5b127
Binary Packages
Size: MD5
postfix-2.1.4-12.i586.rpm
1734801 953ff1265c6b7da5e73334a725829199
References:
CVE
[CVE-2008-2936]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936
Package Update Path
http://www.turbolinux.com/support/download.html
============================================================
* To obtain the public key
Here is the public key
http://www.turbolinux.com/security/
* To unsubscribe from the list
If you ever want to remove yourself from this mailing list,
you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).
unsubscribe
* To change your email address
If you ever want to chage email address in this mailing list,
you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:
chaddr 'old address' 'new address'
If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>
Thank you!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkiruCQACgkQK0LzjOqIJMwUZACfb4ru2uj5hN6snSWf1UIx8qZE
qLUAn2stxS+2nWTg6NLXggifApro95OD
=xA9C
-----END PGP SIGNATURE-----
HNS MAIN FEED
Thursday, 19:12 EDT
