-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-33
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 11 Sep 2008
Last revised: 11 Sep 2008
Package: postfix
Summary: Postfix denial of service
More information:
Postfix is a Mail Transport Agent (MTA).
A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6,
where a local user could cause a denial of service due to Postfix leaking the epoll
file descriptor when executing non-Postfix commands (CVE-2008-3889).
Affected Products:
- Turbolinux Client 2008
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
<Turbolinux Client 2008>
Source Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/postfix-2.5.3-2.src.rpm
3236416 53382b9262caf2ec3db0ce791b4fd436
Binary Packages
Size: MD5
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postfix-2.5.3-2.i586.rpm
3975003 262208699ab1b14d12e103fc3e15c359
http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postfix-pflogsumm-2.5.3-2.i586.rpm
45263 7d74e4843ced2df8c6c1fb32fed628ff
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages
Size: MD5
postfix-2.4.5-10.src.rpm
3012322 7b825c1683bff4b71c1c2496b6110891
Binary Packages
Size: MD5
postfix-2.4.5-10.x86_64.rpm
3979763 ff246a034f21ddf14e611f8f128c7ef1
postfix-pflogsumm-2.4.5-10.x86_64.rpm
46176 c5c8393e0924d5cc781056aaba1d0a70
<Turbolinux Appliance Server 3.0>
Source Packages
Size: MD5
postfix-2.4.5-10.src.rpm
3012322 7b825c1683bff4b71c1c2496b6110891
Binary Packages
Size: MD5
postfix-2.4.5-10.i686.rpm
3523430 ef4dcab18c5708435ee5879a9ac81bc4
postfix-pflogsumm-2.4.5-10.i686.rpm
46459 e3c43cc6777ee4d15579960ca8ec5a4b
<Turbolinux 11 Server x64 Edition>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/postfix-2.4.5-10.src.rpm
3012322 7b825c1683bff4b71c1c2496b6110891
Binary Packages
Size: MD5
postfix-2.4.5-10.x86_64.rpm
3979763 ff246a034f21ddf14e611f8f128c7ef1
postfix-pflogsumm-2.4.5-10.x86_64.rpm
46176 c5c8393e0924d5cc781056aaba1d0a70
<Turbolinux 11 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/postfix-2.4.5-10.src.rpm
3012322 7b825c1683bff4b71c1c2496b6110891
Binary Packages
Size: MD5
postfix-2.4.5-10.i686.rpm
3523430 ef4dcab18c5708435ee5879a9ac81bc4
postfix-pflogsumm-2.4.5-10.i686.rpm
46459 e3c43cc6777ee4d15579960ca8ec5a4b
References:
CVE
[CVE-2008-3889]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
--------------------------------------------------------------------------
Revision History
11 Sep 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjI/VYACgkQK0LzjOqIJMzTIACfZRIjFe2Nd9hRdrtUGRb+8M50
PoAAniIlQUdvcCThbU1VBoPGLzTfjW3e
=4Jbf
-----END PGP SIGNATURE-----