Ubuntu Security Notice USN-642-1
10th September, 2008
postfix vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
- Ubuntu 7.10
Software description
- postfix
Details
Wietse Venema discovered that Postfix leaked internal file descriptors
when executing non-Postfix commands. A local attacker could exploit
this to cause Postfix to run out of descriptors, leading to a denial
of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.04 LTS:
- postfix 2.5.1-2ubuntu1.2
- Ubuntu 7.10:
- postfix 2.4.5-3ubuntu1.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.