drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in dovecot
Name: |
Preisgabe von Informationen in dovecot |
|
ID: |
DSA-1359-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian etch |
|
Datum: |
Di, 28. August 2007, 20:05 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2231 |
|
Applikationen: |
dovecot |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA 1359-1 security@debian.org http://www.debian.org/security/ Steve Kemp August 28th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package : dovecot Vulnerability : directory traversal Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-2231
It was discovered that dovecot, a secure mail server that supports mbox and maildir mailboxes, when configured to use non-system-user spools and compressed folders, may allow directory traversal in mailbox names.
For the stable distribution (etch), this problem has been fixed in version 1.0.rc15-2etch1.
For the old stable distribution (sarge), this problem was not present.
For the unstable distribution this problem with be fixed soon.
We recommend that you upgrade your dovecot package.
Upgrade instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - --------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
dovecot_1.0.rc15-2etch1.dsc Size/MD5 checksum: 1007 cde4bffef0b1c78324bc8adc6354eaa4 dovecot_1.0.rc15.orig.tar.gz Size/MD5 checksum: 1463069 26f3d2b075856b1b1d180146363819e6 dovecot_1.0.rc15-2etch1.diff.gz Size/MD5 checksum: 94823 fbf56611ccca44cee2a4663c8fbb56c0
alpha architecture (DEC Alpha)
dovecot-imapd_1.0.rc15-2etch1_alpha.deb Size/MD5 checksum: 618818 3b125c8d36e45fede3d73464a5e7f12a dovecot-common_1.0.rc15-2etch1_alpha.deb Size/MD5 checksum: 1373836 97c909a2774519f3d04a33c74212cb05 dovecot-pop3d_1.0.rc15-2etch1_alpha.deb Size/MD5 checksum: 580708 d840ccd638850f72014e89641fbe9569
amd64 architecture (AMD x86_64 (AMD64))
dovecot-pop3d_1.0.rc15-2etch1_amd64.deb Size/MD5 checksum: 534118 8869870afff4eb25559457faece371d4 dovecot-imapd_1.0.rc15-2etch1_amd64.deb Size/MD5 checksum: 568180 ebf3cfcb5343f48379ef14989a9482ef dovecot-common_1.0.rc15-2etch1_amd64.deb Size/MD5 checksum: 1224650 79fbf3019551461c68197a5e5f6a6620
arm architecture (ARM)
dovecot-common_1.0.rc15-2etch1_arm.deb Size/MD5 checksum: 1116470 a3774a96d2daf2534613cd75e9044726 dovecot-pop3d_1.0.rc15-2etch1_arm.deb Size/MD5 checksum: 503858 45c610525a211f80462ee8a30b997b98 dovecot-imapd_1.0.rc15-2etch1_arm.deb Size/MD5 checksum: 534534 e7af01554616f50b38b63e76a0035402
hppa architecture (HP PA RISC)
dovecot-common_1.0.rc15-2etch1_hppa.deb Size/MD5 checksum: 1293812 b77e446a414f88c05aa073c663e1aff3 dovecot-imapd_1.0.rc15-2etch1_hppa.deb Size/MD5 checksum: 596290 207bcda07cad9d263b4543c87788553d dovecot-pop3d_1.0.rc15-2etch1_hppa.deb Size/MD5 checksum: 559686 bab920cd7543cfaea2a76e03cc087d51
i386 architecture (Intel ia32)
dovecot-common_1.0.rc15-2etch1_i386.deb Size/MD5 checksum: 1127680 80fab6db53d353058b801e5ad42cd305 dovecot-pop3d_1.0.rc15-2etch1_i386.deb Size/MD5 checksum: 511940 b773c45daa6483d02af9f4f702a538f7 dovecot-imapd_1.0.rc15-2etch1_i386.deb Size/MD5 checksum: 544082 d4685011b8c8359f849a2fc3f65cb0b3
ia64 architecture (Intel ia64)
dovecot-imapd_1.0.rc15-2etch1_ia64.deb Size/MD5 checksum: 789702 84fb674f3f568db180c41cfb21088d5f dovecot-common_1.0.rc15-2etch1_ia64.deb Size/MD5 checksum: 1694430 e4c5c30e65312e92ec151d55f308c473 dovecot-pop3d_1.0.rc15-2etch1_ia64.deb Size/MD5 checksum: 733296 4b718887ebdcc88600999e0270e12ec0
mips architecture (MIPS (Big Endian))
dovecot-imapd_1.0.rc15-2etch1_mips.deb Size/MD5 checksum: 593030 1af3fc78abbcf4f0c9aece1fad08b624 dovecot-pop3d_1.0.rc15-2etch1_mips.deb Size/MD5 checksum: 557018 3bcd83e867f03d1dfac558f1df1a7ca5 dovecot-common_1.0.rc15-2etch1_mips.deb Size/MD5 checksum: 1258216 833f0f974dfe83db4d3cab0351f4c33b
mipsel architecture (MIPS (Little Endian))
dovecot-common_1.0.rc15-2etch1_mipsel.deb Size/MD5 checksum: 1263156 b8c3335d051c0be6b2923f5e939594cd dovecot-imapd_1.0.rc15-2etch1_mipsel.deb Size/MD5 checksum: 592544 61b1b479bb89219e9493c8140913ff07 dovecot-pop3d_1.0.rc15-2etch1_mipsel.deb Size/MD5 checksum: 556560 67fd4d0ba283209202c0b4564a2ae74a
s390 architecture (IBM S/390)
dovecot-common_1.0.rc15-2etch1_s390.deb Size/MD5 checksum: 1284486 5b39d3b4db4ab8f4360406037e118a88 dovecot-imapd_1.0.rc15-2etch1_s390.deb Size/MD5 checksum: 592810 7361ea663e14012502c9821e9d2fdf70 dovecot-pop3d_1.0.rc15-2etch1_s390.deb Size/MD5 checksum: 557544 1dce29ac718f481894db452aef8c783d
sparc architecture (Sun SPARC/UltraSPARC)
dovecot-common_1.0.rc15-2etch1_sparc.deb Size/MD5 checksum: 1103380 47e7f2cf8d8276ee941ab7332ad356ab dovecot-imapd_1.0.rc15-2etch1_sparc.deb Size/MD5 checksum: 531158 41e6f8e91ddc0bda4089aa1e1ac97432 dovecot-pop3d_1.0.rc15-2etch1_sparc.deb Size/MD5 checksum: 499596 4bdaaa9e12ef03ee5800c1b291970479
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG1GIhwM/Gs81MDZ0RAu2+AKClyc+Hp8T8rfMqjq5UaMnBYLo1BgCg3RHL qAHaDowybNaXwDlnofswnAg= =KY3M -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|