Mandriva Security Advisory MDVSA-2009:224-1 (postfix)

Summary
The remote host is missing an update to postfix announced via advisory MDVSA-2009:224-1.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:224-1
Insight
A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0