Synopsis: Moderate: postfix security update Issue date: 2008-08-14 CVE Names: CVE-2008-2936 A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. (CVE-2008-2936) SL 3.0.x SRPMS: postfix-2.0.16-14.1.RHEL3.src.rpm i386: postfix-2.0.16-14.1.RHEL3.i386.rpm x86_64: postfix-2.0.16-14.1.RHEL3.x86_64.rpm SL 4.x SRPMS: postfix-2.2.10-1.2.1.el4_7.src.rpm i386: postfix-2.2.10-1.2.1.el4_7.i386.rpm postfix-pflogsumm-2.2.10-1.2.1.el4_7.i386.rpm x86_64: postfix-2.2.10-1.2.1.el4_7.x86_64.rpm postfix-pflogsumm-2.2.10-1.2.1.el4_7.x86_64.rpm SL 5.x SRPMS: postfix-2.3.3-2.1.el5_2.src.rpm i386: postfix-2.3.3-2.1.el5_2.i386.rpm postfix-pflogsumm-2.3.3-2.1.el5_2.i386.rpm x86_64: postfix-2.3.3-2.1.el5_2.x86_64.rpm postfix-pflogsumm-2.3.3-2.1.el5_2.x86_64.rpm -Connie Sieh -Troy Dawson