Login
Newsletter
Werbung

Sicherheit: Denial of Service in dovecot
Aktuelle Meldungen Distributionen
Name: Denial of Service in dovecot
ID: USN-1143-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Datum: Do, 2. Juni 2011, 08:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1929
Applikationen: dovecot

Originalnachricht


--===============4141579597123035284==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="jI8keyz6grp/JLjh"
Content-Disposition: inline


--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1143-1
June 02, 2011

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

An attacker could send a crafted email message that could disrupt email
service.

Software Description:
- dovecot: IMAP and POP3 email server

Details:

It was discovered that the message header parser in Dovecot did not
properly handle '\0' characters in header names. This could allow a
remote attacker to cause a denial of service through a crafted email
message by crashing the Dovecot daemon or corrupting mailboxes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
dovecot-common 1:1.2.15-3ubuntu2.1

Ubuntu 10.10:
dovecot-common 1:1.2.12-1ubuntu8.2

Ubuntu 10.04 LTS:
dovecot-common 1:1.2.9-1ubuntu6.4

In general, a standard system update will make all the necessary changes.

References:
CVE-2011-1929

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:1.2.15-3ubuntu2.1
https://launchpad.net/ubuntu/+source/dovecot/1:1.2.12-1ubuntu8.2
https://launchpad.net/ubuntu/+source/dovecot/1:1.2.9-1ubuntu6.4


--jI8keyz6grp/JLjh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJN5vqhAAoJEC8Jno0AXoH0ex0P/R8PTD8bJmPVwkZGh6Bo4+F8
p/xYXTZLmCTBZK/0EcFNlfUgtcFeNN16NC91QDpio0OnWwLBQGmrkp69ie96fePU
Fkb2GfK0Vk0J3dxUlRERrerYm9UaK+qUETRNJ7+ZnbiQ0H0VQIrE0je97v/wT/pa
XtZ5YNvGRay6uDoR0JitGYEvGfDsOg/gk6d1c5X+fqD6yRnIJ9Nczvfqt+ds1M1M
L0WhNEswvgFSHyvQJ/QSZIcrIFkOy3gV+DKl/lJcArIbvhI5R/O95AzJDEBWbmk2
ytRXN7SjYTprRpV44geljGo7Rd1qeTa9sJb/q/pXlJKh1e7N4W7u3t5ESKIpbW9x
3UHMx6fr5UPNnD6pwX0JeiZQU5vmxEDqF1G7qj5JADRV2pd/1e7bOsCFABqP38tT
dgVWLODrmAGKgBb+X6fiBwKMUkI8sqBjkM29/CaFE5FhFwnluvpSnVDgKAJnIniv
hxMGYkUj5MGcAtCAR2+6Eklh8cdRNZrx5Bu9GGpwNz5rIQp7qZJBCYtPTIDU+aKa
H2lExscdS+AKuVVyVP8RqtUB8DmrTcGx8muFT4xeKiqlnc8bGicJqGWrL+BuUCyO
/2yWMHFa+v56+8/5okU5+BGdtnvqoTETRb3vCumPGqf6qqswDuF7TqRZe/mV9f0o
i9DPvwo8ZgOylQEKHkpX
=g4Tl
-----END PGP SIGNATURE-----

--jI8keyz6grp/JLjh--


--===============4141579597123035284==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4141579597123035284==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung