-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2008-33
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 11 Sep 2008
 Last revised: 11 Sep 2008

 Package: postfix

 Summary: Postfix denial of service 

 More information:
    Postfix is a Mail Transport Agent (MTA).

    A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6,
    where a local user could cause a denial of service due to Postfix leaking the epoll
    file descriptor when executing non-Postfix commands (CVE-2008-3889).

 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/postfix-2.5.3-2.src.rpm
      3236416 53382b9262caf2ec3db0ce791b4fd436

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postfix-2.5.3-2.i586.rpm
      3975003 262208699ab1b14d12e103fc3e15c359
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/postfix-pflogsumm-2.5.3-2.i586.rpm
        45263 7d74e4843ced2df8c6c1fb32fed628ff

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   postfix-2.4.5-10.src.rpm
      3012322 7b825c1683bff4b71c1c2496b6110891

   Binary Packages
   Size: MD5

   postfix-2.4.5-10.x86_64.rpm
      3979763 ff246a034f21ddf14e611f8f128c7ef1
   postfix-pflogsumm-2.4.5-10.x86_64.rpm
        46176 c5c8393e0924d5cc781056aaba1d0a70

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   postfix-2.4.5-10.src.rpm
      3012322 7b825c1683bff4b71c1c2496b6110891

   Binary Packages
   Size: MD5

   postfix-2.4.5-10.i686.rpm
      3523430 ef4dcab18c5708435ee5879a9ac81bc4
   postfix-pflogsumm-2.4.5-10.i686.rpm
        46459 e3c43cc6777ee4d15579960ca8ec5a4b

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/postfix-2.4.5-10.src.rpm
      3012322 7b825c1683bff4b71c1c2496b6110891

   Binary Packages
   Size: MD5

   postfix-2.4.5-10.x86_64.rpm
      3979763 ff246a034f21ddf14e611f8f128c7ef1
   postfix-pflogsumm-2.4.5-10.x86_64.rpm
        46176 c5c8393e0924d5cc781056aaba1d0a70

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/postfix-2.4.5-10.src.rpm
      3012322 7b825c1683bff4b71c1c2496b6110891

   Binary Packages
   Size: MD5

   postfix-2.4.5-10.i686.rpm
      3523430 ef4dcab18c5708435ee5879a9ac81bc4
   postfix-pflogsumm-2.4.5-10.i686.rpm
        46459 e3c43cc6777ee4d15579960ca8ec5a4b


 References:

 CVE
   [CVE-2008-3889]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889

 --------------------------------------------------------------------------
 Revision History
    11 Sep 2008 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2008 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjI/VYACgkQK0LzjOqIJMzTIACfZRIjFe2Nd9hRdrtUGRb+8M50
PoAAniIlQUdvcCThbU1VBoPGLzTfjW3e
=4Jbf
-----END PGP SIGNATURE-----