[USN-642-1] Postfix vulnerabilities
Kees Cook
kees at ubuntu.com
Wed Sep 10 22:41:59 UTC 2008
===========================================================
Ubuntu Security Notice USN-642-1 September 10, 2008
postfix vulnerabilities
CVE-2008-3889
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
postfix 2.4.5-3ubuntu1.3
Ubuntu 8.04 LTS:
postfix 2.5.1-2ubuntu1.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wietse Venema discovered that Postfix leaked internal file descriptors
when executing non-Postfix commands. A local attacker could exploit
this to cause Postfix to run out of descriptors, leading to a denial
of service.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3.diff.gz
Size/MD5: 208955 3596c996c2d82fcc9cd755c337cbac6b
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3.dsc
Size/MD5: 1034 7097cb52b993eb39e3572516e37fa2fa
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5.orig.tar.gz
Size/MD5: 2934634 ceba0cde05d12baa0ba2ed69fbb96b42
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.4.5-3ubuntu1.3_all.deb
Size/MD5: 131564 d817f30dac7e3cefa7207c9545484234
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.4.5-3ubuntu1.3_all.deb
Size/MD5: 805972 f21663666d6a5a9d4fc82842a22f72ab
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_amd64.deb
Size/MD5: 38160 2b8a37d554c58a28e23d10d86df219a9
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_amd64.deb
Size/MD5: 45310 900f1c0404391ecf79c1275175ef643d
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_amd64.deb
Size/MD5: 40108 a1a6ffbfb86958511d610025e0a73d58
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_amd64.deb
Size/MD5: 40160 a8775f56b0b51d99565ccbe731dc5e94
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_amd64.deb
Size/MD5: 40224 b989f80156a941d822b1e7d19477e08a
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_amd64.deb
Size/MD5: 1188180 9850d0763881c36da658d051fd43bcc5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_i386.deb
Size/MD5: 37940 5cfcf1cf801d60e309428d6770e31e48
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_i386.deb
Size/MD5: 44644 0911f3527974816a8101e579ed439e7b
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_i386.deb
Size/MD5: 39790 10b6ae3688a3b74e208ba383973bd3a8
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_i386.deb
Size/MD5: 39634 df5c552d2f10bfcdff5e9e38b2ce946a
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_i386.deb
Size/MD5: 39876 938516395dfcadfb33c7becb673cc157
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_i386.deb
Size/MD5: 1118910 8479b2542dd638e9bc78ee318ba320a2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_lpia.deb
Size/MD5: 37918 c792b13b095b27f4c44f00b6ae7c5d4b
http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_lpia.deb
Size/MD5: 44384 83e6e216238d4d3d6f4e1855767f3d40
http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_lpia.deb
Size/MD5: 39810 0a917ce72b8bc23490af6d2374ebfd84
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_lpia.deb
Size/MD5: 39534 5c3c470f3609e053d212b96961bad854
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_lpia.deb
Size/MD5: 39872 f8a381828c5e4e8056aad583282b2e70
http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_lpia.deb
Size/MD5: 1109740 56a17d3a010a3e2ea1be39e9ffb9ae3a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_powerpc.deb
Size/MD5: 40328 7574b4b3c594be170675c25b25cf7ddd
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_powerpc.deb
Size/MD5: 47254 82e8deaf6c53addeca09a2c1ab6f4cdb
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_powerpc.deb
Size/MD5: 42360 9a993a1ecadd0516186561ee718fffe6
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_powerpc.deb
Size/MD5: 42154 2bcd3cc874e5ca7a4b056e515341f334
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_powerpc.deb
Size/MD5: 42500 f4da3a93046d6733c541dd124682deb5
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_powerpc.deb
Size/MD5: 1282198 1e49df341ebd8ceadef06c40e90f4143
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_sparc.deb
Size/MD5: 37950 e54565d41630f06ad25d9412ff7ed86a
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_sparc.deb
Size/MD5: 45080 b60aab3168843d14933fbf2f9b0836a4
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_sparc.deb
Size/MD5: 39808 1476c11421716fc226f79ed95d9a0f29
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_sparc.deb
Size/MD5: 39780 7d462ece7c3d9c8cef0c26bbe33dbf5c
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_sparc.deb
Size/MD5: 40002 c78d11bcb7cb95583314e7936f4bbfa5
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_sparc.deb
Size/MD5: 1138322 a9d7465e120b2efcc7c5e95e3432be72
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2.diff.gz
Size/MD5: 214022 fd7e7980960fb7599b3b8dcbda027c72
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2.dsc
Size/MD5: 1074 c986a840867daed7e64e8135d20350a2
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1.orig.tar.gz
Size/MD5: 3153629 95a559c509081fdd07d78eafd4f4c3b4
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.5.1-2ubuntu1.2_all.deb
Size/MD5: 137002 feab6db3336d0281475bc1e1cef1379a
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.5.1-2ubuntu1.2_all.deb
Size/MD5: 892350 9132a5ad000c69b648fac2c4723f5afb
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_amd64.deb
Size/MD5: 40252 59f33c5bd60d52ce02196909210b2c41
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_amd64.deb
Size/MD5: 47656 e28ff31be26aeec2ca1ad61696ebd4c3
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_amd64.deb
Size/MD5: 42152 0d8c68a34bc110e5bd39b44cf4ec2955
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_amd64.deb
Size/MD5: 42134 fe597a44741cb9b5fb622a93a5175308
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_amd64.deb
Size/MD5: 42264 ac5cd5303dab598c49cc3df02019bb0e
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_amd64.deb
Size/MD5: 1229544 b822139fc9066a70732ada39cea3f265
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_i386.deb
Size/MD5: 39990 6c5081b0e1389494fa1e0f74bce52257
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_i386.deb
Size/MD5: 46916 2a8ecba9c109e24c8e0228f8fbbdb012
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_i386.deb
Size/MD5: 41922 2b8fa5f0cd7546a0bed4f6f22f251fd5
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_i386.deb
Size/MD5: 41720 ec7a4569696f720baa6ac4786789e752
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_i386.deb
Size/MD5: 41998 e3ebe373988c9904a1b7aff028031738
http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_i386.deb
Size/MD5: 1160404 3a52da16e6c765304db0d4f91469aed9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_lpia.deb
Size/MD5: 39978 9c15ad197da735f9f15f8ee7e618d8f3
http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_lpia.deb
Size/MD5: 46990 e6a64fb1b931b22f98ee122635ed608f
http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_lpia.deb
Size/MD5: 41910 5694e817258275890c094078a4beef62
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_lpia.deb
Size/MD5: 41634 277db3152e3021989bd29289f1983f76
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_lpia.deb
Size/MD5: 41976 1e8a8ac3197a6f7d507751cb3f528abf
http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_lpia.deb
Size/MD5: 1156860 13be9938c4ff3cac2c07fe14211d5e33
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_powerpc.deb
Size/MD5: 42344 4c1344558316b09dcbdadde87fde1e5f
http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_powerpc.deb
Size/MD5: 49656 4915653e7ce08e45cc42a2ca37b07cb2
http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_powerpc.deb
Size/MD5: 44476 68c0b40b23f9ddb1a2fb0510603bb8a6
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_powerpc.deb
Size/MD5: 44250 f5abb11346a5a5c2d8efb6bf2d2114f9
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_powerpc.deb
Size/MD5: 44616 44a226ed816655f7e33571010ff11d82
http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_powerpc.deb
Size/MD5: 1327862 3279cecf1db084a515a01fa0efea0499
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_sparc.deb
Size/MD5: 39908 435a985bc8cf9a38498885b08310ec8f
http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_sparc.deb
Size/MD5: 47134 0a994044167d28e4d6f05cb523e716f0
http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_sparc.deb
Size/MD5: 41800 a95dbcebf682d677ecce57dc4f679167
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_sparc.deb
Size/MD5: 41818 f226978ae4906d029c4abc2a97ad43a9
http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_sparc.deb
Size/MD5: 42000 5d723e46f2e1366dd6ed7661bf51dfc8
http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_sparc.deb
Size/MD5: 1175784 9f5f883813a80d17b5f5e63cf197519b
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20080910/58001e19/attachment.sig>
More information about the ubuntu-security-announce
mailing list