Mandrake Security Advisory MDVSA-2009:224 (postfix)

The remote host is missing an update to postfix announced via advisory MDVSA-2009:224.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. Affected: 2008.1, Corporate 3.0, Corporate 4.0