Message-ID: <20080910224159.GB26657@outflux.net>
Date: Wed, 10 Sep 2008 15:41:59 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-642-1] Postfix vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-642-1         September 10, 2008
postfix vulnerabilities
CVE-2008-3889
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  postfix                         2.4.5-3ubuntu1.3

Ubuntu 8.04 LTS:
  postfix                         2.5.1-2ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Wietse Venema discovered that Postfix leaked internal file descriptors
when executing non-Postfix commands.  A local attacker could exploit
this to cause Postfix to run out of descriptors, leading to a denial
of service.
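
The leak class described above, as an added example that is not Postfix or Ubuntu code: a descriptor opened without close-on-exec stays open in any external command the process runs, while one marked FD_CLOEXEC does not. The descriptor number, the /dev/null stand-in and the shell probe are assumptions made for the demonstration; the advisory does not say which descriptors were involved.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>
#define INTERNAL_FD 9 /* constructed: fixed slot the shell probe can name */

/* Open a stand-in "internal" descriptor; cloexec != 0 is the hardened form. */
static int open_internal(int cloexec)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0 && fd != INTERNAL_FD) {
        int moved = dup2(fd, INTERNAL_FD);
        close(fd);
        fd = moved;
    }
    /* dup2() never copies FD_CLOEXEC, so it has to be set explicitly. */
    if (fd >= 0 && cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Fork and exec an external command the way a daemon runs a helper.
 * Returns 1 if the command inherited INTERNAL_FD, 0 if not, -1 on error. */
int child_inherits_internal_fd(int cloexec)
{
    int status, fd = open_internal(cloexec);
    pid_t pid;
    if (fd < 0)
        return -1;
    pid = fork();
    if (pid == 0) {
        /* "true <&9" exits non-zero when descriptor 9 is not open. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; true <&9", (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 ||
        !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("plain: %d\n", child_inherits_internal_fd(0));
    printf("close-on-exec: %d\n", child_inherits_internal_fd(1));
    return 0;
}
```
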

