SuSE Update for postfix SUSE-SA:2008:040

Impact
local privilege escalation
Solution
Please Install the Updated Packages.
Insight
Postfix is a well known MTA. During a source code audit the SuSE Security-Team discovered a local privilege escalation bug CVE-2008-2936 as well as a mailbox ownership problem CVE-2008-2937 in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users mail.
Affected
postfix on openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise Server 10 SP2
References