=========================================================== Ubuntu Security Notice USN-642-1 September 10, 2008 postfix vulnerabilities CVE-2008-3889 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: postfix 2.4.5-3ubuntu1.3 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wietse Venema discovered that Postfix leaked internal file descriptors when executing non-Postfix commands. A local attacker could exploit this to cause Postfix to run out of descriptors, leading to a denial of service. Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3.diff.gz Size/MD5: 208955 3596c996c2d82fcc9cd755c337cbac6b http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3.dsc Size/MD5: 1034 7097cb52b993eb39e3572516e37fa2fa http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5.orig.tar.gz Size/MD5: 2934634 ceba0cde05d12baa0ba2ed69fbb96b42 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.4.5-3ubuntu1.3_all.deb Size/MD5: 131564 d817f30dac7e3cefa7207c9545484234 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.4.5-3ubuntu1.3_all.deb Size/MD5: 805972 f21663666d6a5a9d4fc82842a22f72ab amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_amd64.deb Size/MD5: 38160 2b8a37d554c58a28e23d10d86df219a9 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_amd64.deb Size/MD5: 45310 900f1c0404391ecf79c1275175ef643d http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_amd64.deb Size/MD5: 40108 a1a6ffbfb86958511d610025e0a73d58 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_amd64.deb Size/MD5: 40160 a8775f56b0b51d99565ccbe731dc5e94 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_amd64.deb Size/MD5: 40224 b989f80156a941d822b1e7d19477e08a http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_amd64.deb Size/MD5: 1188180 9850d0763881c36da658d051fd43bcc5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_i386.deb Size/MD5: 37940 5cfcf1cf801d60e309428d6770e31e48 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_i386.deb Size/MD5: 44644 0911f3527974816a8101e579ed439e7b http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_i386.deb Size/MD5: 39790 10b6ae3688a3b74e208ba383973bd3a8 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_i386.deb Size/MD5: 39634 df5c552d2f10bfcdff5e9e38b2ce946a http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_i386.deb Size/MD5: 39876 938516395dfcadfb33c7becb673cc157 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_i386.deb Size/MD5: 1118910 8479b2542dd638e9bc78ee318ba320a2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_lpia.deb Size/MD5: 37918 c792b13b095b27f4c44f00b6ae7c5d4b http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_lpia.deb Size/MD5: 44384 83e6e216238d4d3d6f4e1855767f3d40 http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_lpia.deb Size/MD5: 39810 0a917ce72b8bc23490af6d2374ebfd84 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_lpia.deb Size/MD5: 39534 5c3c470f3609e053d212b96961bad854 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_lpia.deb Size/MD5: 39872 f8a381828c5e4e8056aad583282b2e70 http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_lpia.deb Size/MD5: 1109740 56a17d3a010a3e2ea1be39e9ffb9ae3a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_powerpc.deb Size/MD5: 40328 7574b4b3c594be170675c25b25cf7ddd http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_powerpc.deb Size/MD5: 47254 82e8deaf6c53addeca09a2c1ab6f4cdb http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_powerpc.deb Size/MD5: 42360 9a993a1ecadd0516186561ee718fffe6 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_powerpc.deb Size/MD5: 42154 2bcd3cc874e5ca7a4b056e515341f334 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_powerpc.deb Size/MD5: 42500 f4da3a93046d6733c541dd124682deb5 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_powerpc.deb Size/MD5: 1282198 1e49df341ebd8ceadef06c40e90f4143 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.4.5-3ubuntu1.3_sparc.deb Size/MD5: 37950 e54565d41630f06ad25d9412ff7ed86a http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.4.5-3ubuntu1.3_sparc.deb Size/MD5: 45080 b60aab3168843d14933fbf2f9b0836a4 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.4.5-3ubuntu1.3_sparc.deb Size/MD5: 39808 1476c11421716fc226f79ed95d9a0f29 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.4.5-3ubuntu1.3_sparc.deb Size/MD5: 39780 7d462ece7c3d9c8cef0c26bbe33dbf5c http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.4.5-3ubuntu1.3_sparc.deb Size/MD5: 40002 c78d11bcb7cb95583314e7936f4bbfa5 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.4.5-3ubuntu1.3_sparc.deb Size/MD5: 1138322 a9d7465e120b2efcc7c5e95e3432be72 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2.diff.gz Size/MD5: 214022 fd7e7980960fb7599b3b8dcbda027c72 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2.dsc Size/MD5: 1074 c986a840867daed7e64e8135d20350a2 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1.orig.tar.gz Size/MD5: 3153629 95a559c509081fdd07d78eafd4f4c3b4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-dev_2.5.1-2ubuntu1.2_all.deb Size/MD5: 137002 feab6db3336d0281475bc1e1cef1379a http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-doc_2.5.1-2ubuntu1.2_all.deb Size/MD5: 892350 9132a5ad000c69b648fac2c4723f5afb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_amd64.deb Size/MD5: 40252 59f33c5bd60d52ce02196909210b2c41 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_amd64.deb Size/MD5: 47656 e28ff31be26aeec2ca1ad61696ebd4c3 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_amd64.deb Size/MD5: 42152 0d8c68a34bc110e5bd39b44cf4ec2955 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_amd64.deb Size/MD5: 42134 fe597a44741cb9b5fb622a93a5175308 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_amd64.deb Size/MD5: 42264 ac5cd5303dab598c49cc3df02019bb0e http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_amd64.deb Size/MD5: 1229544 b822139fc9066a70732ada39cea3f265 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_i386.deb Size/MD5: 39990 6c5081b0e1389494fa1e0f74bce52257 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_i386.deb Size/MD5: 46916 2a8ecba9c109e24c8e0228f8fbbdb012 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_i386.deb Size/MD5: 41922 2b8fa5f0cd7546a0bed4f6f22f251fd5 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_i386.deb Size/MD5: 41720 ec7a4569696f720baa6ac4786789e752 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_i386.deb Size/MD5: 41998 e3ebe373988c9904a1b7aff028031738 http://security.ubuntu.com/ubuntu/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_i386.deb Size/MD5: 1160404 3a52da16e6c765304db0d4f91469aed9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_lpia.deb Size/MD5: 39978 9c15ad197da735f9f15f8ee7e618d8f3 http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_lpia.deb Size/MD5: 46990 e6a64fb1b931b22f98ee122635ed608f http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_lpia.deb Size/MD5: 41910 5694e817258275890c094078a4beef62 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_lpia.deb Size/MD5: 41634 277db3152e3021989bd29289f1983f76 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_lpia.deb Size/MD5: 41976 1e8a8ac3197a6f7d507751cb3f528abf http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_lpia.deb Size/MD5: 1156860 13be9938c4ff3cac2c07fe14211d5e33 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_powerpc.deb Size/MD5: 42344 4c1344558316b09dcbdadde87fde1e5f http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_powerpc.deb Size/MD5: 49656 4915653e7ce08e45cc42a2ca37b07cb2 http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_powerpc.deb Size/MD5: 44476 68c0b40b23f9ddb1a2fb0510603bb8a6 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_powerpc.deb Size/MD5: 44250 f5abb11346a5a5c2d8efb6bf2d2114f9 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_powerpc.deb Size/MD5: 44616 44a226ed816655f7e33571010ff11d82 http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_powerpc.deb Size/MD5: 1327862 3279cecf1db084a515a01fa0efea0499 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/postfix/postfix-cdb_2.5.1-2ubuntu1.2_sparc.deb Size/MD5: 39908 435a985bc8cf9a38498885b08310ec8f http://ports.ubuntu.com/pool/main/p/postfix/postfix-ldap_2.5.1-2ubuntu1.2_sparc.deb Size/MD5: 47134 0a994044167d28e4d6f05cb523e716f0 http://ports.ubuntu.com/pool/main/p/postfix/postfix-mysql_2.5.1-2ubuntu1.2_sparc.deb Size/MD5: 41800 a95dbcebf682d677ecce57dc4f679167 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pcre_2.5.1-2ubuntu1.2_sparc.deb Size/MD5: 41818 f226978ae4906d029c4abc2a97ad43a9 http://ports.ubuntu.com/pool/main/p/postfix/postfix-pgsql_2.5.1-2ubuntu1.2_sparc.deb Size/MD5: 42000 5d723e46f2e1366dd6ed7661bf51dfc8 http://ports.ubuntu.com/pool/main/p/postfix/postfix_2.5.1-2ubuntu1.2_sparc.deb Size/MD5: 1175784 9f5f883813a80d17b5f5e63cf197519b