Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.
2066190092a138a8e944282214539e92f89d4e7e673e5c275fdb8a0859fc9199
Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
6aa138e4da81ce01a79a100e10f8c8db333638d58fca582399c80a99743e1fb6