Mandriva Linux Security Advisory 2009-224 - Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. This update provides a solution to this vulnerability.
484433b051fc58ba1b7f551d28aa47085b0e7f28d53fd1880c4b8aecfd1a1824