-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-31 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 20 Aug 2008 Last revised: 20 Aug 2008 Package: postfix Summary: Rocal privilege escalation More information: Postfix is a Mail Transport Agent (MTA). The Postfix MTA contains a local privilege escalation vulnerability.(VU#938323) Affected Products: - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0 - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux 10 Server x64 Edition - Turbolinux 10 Server Source Packages Size: MD5 postfix-2.4.5-9.src.rpm 3011812 58b3b493c67c09b2c8a5bfba6c9e403f Binary Packages Size: MD5 postfix-2.4.5-9.x86_64.rpm 3979376 dfa758cb49d8cc9ec4350869c851895e postfix-pflogsumm-2.4.5-9.x86_64.rpm 45887 74346f2b474bc796dcae3bc8e905150a Source Packages Size: MD5 postfix-2.4.5-9.src.rpm 3011812 58b3b493c67c09b2c8a5bfba6c9e403f Binary Packages Size: MD5 postfix-2.4.5-9.i686.rpm 3524747 d5a99d5555928d8531bf71f03df14e75 postfix-pflogsumm-2.4.5-9.i686.rpm 45899 8ced0b46d7cb23a28241aed6f4fd16b0 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/postfix-2.4.5-9.src.rpm 3011812 58b3b493c67c09b2c8a5bfba6c9e403f Binary Packages Size: MD5 postfix-2.4.5-9.x86_64.rpm 3979376 dfa758cb49d8cc9ec4350869c851895e postfix-pflogsumm-2.4.5-9.x86_64.rpm 45887 74346f2b474bc796dcae3bc8e905150a Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/postfix-2.4.5-9.src.rpm 3011812 58b3b493c67c09b2c8a5bfba6c9e403f Binary Packages Size: MD5 postfix-2.4.5-9.i686.rpm 3524747 d5a99d5555928d8531bf71f03df14e75 postfix-pflogsumm-2.4.5-9.i686.rpm 45899 8ced0b46d7cb23a28241aed6f4fd16b0 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/postfix-2.2.5-3.src.rpm 2454729 fcf8d4c12988242eec74fca0b7f8f48a Binary Packages Size: MD5 postfix-2.2.5-3.i686.rpm 3076799 9394f0c488c1b5b0ea431a2a0d48d02e Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/postfix-2.1.4-12.src.rpm 2237432 4eeba8d881208aa45906abdf6cb63712 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postfix-2.1.4-12.x86_64.rpm 2105942 3b34adec11ecec7ed04bb29a261009bc ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/postfix-debug-2.1.4-12.x86_64.rpm 6109062 e201a4ccb87006aa177456eaef36fc23 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/postfix-2.1.4-12.src.rpm 2237432 106a38350fe633c15ff4c66ebca5b127 Binary Packages Size: MD5 postfix-2.1.4-12.i586.rpm 1734801 953ff1265c6b7da5e73334a725829199 References: CVE [CVE-2008-2936] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936 -------------------------------------------------------------------------- Revision History 20 Aug 2008 Initial release -------------------------------------------------------------------------- Copyright(C) 2008 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkirtMYACgkQK0LzjOqIJMx8SACbBi/W+dA/IuYHdaV4PRtq4Bia +g4AnRhWnJGes6ipdjJDowZtsb0rFi9k =uAM1 -----END PGP SIGNATURE-----