[Bug 258162] Re: Postfix local privilege escalation via hardlinked symlinks

2008-08-19 Thread Kees Cook
Published: http://www.ubuntu.com/usn/usn-636-1

** Changed in: postfix (Ubuntu)
 Assignee: (unassigned) => LaMont Jones (lamont)
   Status: Fix Committed => Fix Released

-- 
Postfix local privilege escalation via hardlinked symlinks
https://bugs.launchpad.net/bugs/258162
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to postfix in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 258162] Re: Postfix local privilege escalation via hardlinked symlinks

2008-08-15 Thread Scott Kitterman
Updates for all Ubuntu releases have been prepared and are going through
the security update process.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2936

** Changed in: postfix (Ubuntu)
   Status: New => In Progress



[Bug 258162] Re: Postfix local privilege escalation via hardlinked symlinks

2008-08-15 Thread LaMont Jones
It's CVE-2008-2936, and fixed in:
2.2.10-1ubuntu0.2 (dapper)
2.3.8-2ubuntu0.1 (feisty)
2.4.5-3ubuntu1.1 (gutsy)
2.5.1-2ubuntu1 (hardy)
2.5.4-1 (intrepid)

None of these have hit the archive, see also 
https://bugs.edge.launchpad.net/ubuntu/+source/postfix/+bug/257893
I'd expect to see the -security stuff shortly.

CVE-2008-2937 was also assigned for the issue that was fixed in 2.5.3, which 
applies if you have a mode 1777 /var/mail.
That should not be confused with any sane configuration of mail.

lamont


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2937

** Changed in: postfix (Ubuntu)
   Status: In Progress => Fix Committed
