Mandriva Linux Security Advisory 2009-224 - Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
fa6727c03f758e0239d74a2c09cded1f47d3b8f5ad4181c778be47b4ac8b4dbf