USN-636-1: Postfix vulnerability

08-19-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-636-1: Postfix vulnerability

Referenced CVEs:
CVE-2008-2936

Description:
=========================================================== Ubuntu Security Notice USN-636-1 August 19, 2008 postfix vulnerability CVE-2008-2936 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.2 Ubuntu 7.04: postfix 2.3.8-2ubuntu0.2 Ubuntu 7.10: postfix 2.4.5-3ubuntu1.2 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Postfix::Parse::Mailq(3pm) User Contributed Perl Documentation Postfix::Parse::Mailq(3pm) NAME
Postfix::Parse::Mailq - parse the output of the postfix mailq command VERSION
version 1.001 SYNOPSIS
use Postfix::Parse::Mailq; my $mailq_output = `mailq`; my $entries = Postfix::Parse::Mailq->read_string($mailq_output); my $bytes = 0; for my $entry (@$entries) { next unless grep { /@aol.com$/ } @{ $entry->{remaining_rcpts} }; $bytes += $entry->{size}; } print "$bytes bytes remain to send to AOL destinations "; WARNING
This code is really rough and the interface will change. Entries will be objects. There will be some more methods. Still, the basics are likely to keep working, or keep pretty close to what you see here now. METHODS
read_file read_handle read_string my $entries = Postfix::Parse::Mailq->read_string($string, \%arg); This methods read the output of postfix's mailq from a file (by name), a filehandle, or a string, respectively. They return an arrayref of hashrefs, each hashref representing one entry in the queue as reported by mailq. Valid arguments are: spool - a hashref of { queue_id -> spool_name } pairs if given, this will be used to attempt to indicate in which spool messages currently are; it is not entirely reliable (race!) parse_block my $entry = Mailq->parse_block(@lines); Given all the lines in a single entry's block of lines in mailq output, this returns data about the entry. AUTHOR
Ricardo SIGNES <rjbs@cpan.org> COPYRIGHT AND LICENSE
This software is copyright (c) 2008 by Ricardo SIGNES. This is free software; you can redistribute it and/or modify it under the same terms as perl itself. perl v5.10.1 2008-10-23 Postfix::Parse::Mailq(3pm)

Security Advisories (RSS)

USN-636-1: Postfix vulnerability

LEARN ABOUT DEBIAN

postfix::parse::mailq