Version of Postfix in Fedora not kept up to date
"Jóhann B. Guðmundsson"
johannbg at hi.is
Mon Sep 15 13:10:03 UTC 2008
kvantanet at seznam.cz wrote:
> Why is Postfix always a couple of versions behind?
> The latest version of Postfix is now 2.5.5 and F10 includes only 2.5.1. (Released 2008-02-17)
> Other distros like Debian always update this package.
> Fedora never updates this package after release.
> Does this mean that we don't need to address the issues corrected in new versions of Postfix?
>
> E.G. Latest 2 issues
>
> ---------------------------------------- SNIP -----------------------------------------------
>
> 20080814
>
> Security: some systems have changed their link() semantics,
> and will hardlink a symlink, contrary to POSIX and XPG4.
> Sebastian Krahmer, SuSE. File: util/safe_open.c.
>
> The solution introduces the following incompatible change:
> when the target of mail delivery is a symlink, the parent
> directory of that symlink must now be writable by root only
> (in addition to the already existing requirement that the
> symlink itself is owned by root). This change will break
> legitimate configurations that deliver mail to a symbolic
> link in a directory with less restrictive permissions.
>
> 20080826
>
> Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
> With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
> file descriptor leak when it executes non-Postfix commands
> in, for example, user-controlled $HOME/.forward files. A
> local user can access a leaked epoll file descriptor to
> implement a denial of service attack on Postfix. Data
> confidentiality and integrity are not affected. File:
> util/events.c.
>
> ---------------------------------------- /SNIP -----------------------------------------------
>
> More at : ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.5.HISTORY
>
> Best
>
> T.L. kvantanet
>
>
Contact the package maintainer and see what he says ( or post this
question on -devel )...
JBG
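
The 20080814 entry quoted above requires that a symlink used as a mail delivery target is owned by root and sits in a directory writable by root only. The following C example is added here for illustration; it is not part of the original thread and is not the code in Postfix's util/safe_open.c. The function and enum names are this example's own, and "writable by root only" is read here as: parent directory owned by uid 0 with no group or other write bit.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* lstat(), S_ISLNK, PATH_MAX */
#endif
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Verdicts of the policy check (names are this example's own). */
enum link_verdict {
    LINK_OK = 0,           /* not a symlink, or a symlink that passes */
    LINK_NOT_ROOT_OWNED,   /* the symlink itself is not owned by root */
    LINK_PARENT_WRITABLE,  /* parent dir is writable by someone other than root */
    LINK_STAT_ERROR        /* lstat()/stat() failed or path too long */
};

/* Policy decision on already-collected metadata; touches no files. */
enum link_verdict judge_symlink(const struct stat *link_st,
                                const struct stat *parent_st)
{
    if (!S_ISLNK(link_st->st_mode))
        return LINK_OK;                       /* rule applies to symlinks only */
    if (link_st->st_uid != 0)
        return LINK_NOT_ROOT_OWNED;           /* the pre-existing requirement */
    if (parent_st->st_uid != 0 ||
        (parent_st->st_mode & (S_IWGRP | S_IWOTH)) != 0)
        return LINK_PARENT_WRITABLE;          /* the requirement added by the fix */
    return LINK_OK;
}

/* Collect metadata for path and its parent directory, then judge it.
 * This audits a path; it is not a race-free open of the target. */
enum link_verdict check_delivery_target(const char *path)
{
    struct stat link_st, parent_st;
    char copy[PATH_MAX];

    if (strlen(path) >= sizeof(copy) || lstat(path, &link_st) != 0)
        return LINK_STAT_ERROR;
    strcpy(copy, path);                       /* dirname() may modify its argument */
    if (stat(dirname(copy), &parent_st) != 0)
        return LINK_STAT_ERROR;
    return judge_symlink(&link_st, &parent_st);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: verdict %d\n", argv[i], check_delivery_target(argv[i]));
    return 0;
}
```

Running it over the paths that aliases or .forward files deliver to shows which existing symlinked targets would be rejected by the incompatible change the entry describes.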