Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in dovecot (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in dovecot (Aktualisierung)
ID: USN-3556-2
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 ESM
Datum: Fr, 2. Februar 2018, 07:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132
Applikationen: dovecot
Update von: Denial of Service in dovecot

Originalnachricht


--===============5630581815957667814==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-dcaCV1WM6JG4iU0UEYmP"


--=-dcaCV1WM6JG4iU0UEYmP
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3556-2
February 01, 2018

dovecot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Dovecot.

Software Description:
- dovecot: IMAP and POP3 email server

Details:

USN-3556-1 fixed vulnerabilities in Dovecot. This update
provides the corresponding update for Ubuntu 12.04 ESM.

It was discovered that Dovecot incorrectly handled certain
authentications. An attacker could possibly use this to bypass
authentication and access sensitive information. (CVE-2013-6171)

Original advisory details:

It was discovered that Dovecot incorrectly handled certain
authentications.
An attacker could possibly use this to cause a denial of service.
(CVE-2017-15132)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
dovecot-core 1:2.0.19-0ubuntu2.4

In general, a standard system update will make all the necessary
changes.

References:
https://www.ubuntu.com/usn/usn-3556-2
https://www.ubuntu.com/usn/usn-3556-1
CVE-2013-6171, CVE-2017-15132

--=-dcaCV1WM6JG4iU0UEYmP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJac3xWAAoJEEW851uECx9pwbcP+wbQQuo0jANXf7WYMoUFOa+W
gcGE4rJ6Jk24tSLwNBbyCcfgdDEEEsamypgM1Af4yCTa/DNpEupnLOTXcKBoAA4w
t5EHicAU+RarghjwoFYP04TNPIhl4Jxb40DZcdvXjtQ6YRuJqLyI7RzpzGPzCqtR
BndhwseDwRsZdbUgv5NvpSCj1BEnGDyvnDqkW4lDP22XYrDbNZLcG9qV+j0IFOBt
Y1hopxoQwdEDo8E+NTgjLuV1Hzc8f0rNO4O+hLcoGNIKh6oDpbyFPE3XVIBAs75a
BTOMCpBb783aENxkvxtzJGxzTyhzCF4chdfTRt+BodZR7A3bJlU3JEUrgx+fCAsH
au8MLN5mO4XWjmn5WnMkmcxsJA6EroZrGCXKlGZ4xHH22FO+W/J5smMRwtAsd3uF
KUsqOk6+usBRvEvMk4c0K7eBWxF2sKk8tVw0/xi5LCRWi5xB96TiZpZmHEPU0rrr
iNw86+8uJIrhTlGtbENccLDRqjw2otEcVVK5eXIgdnNbeTJy2df2xqw5dEQDtbvH
KcG4RhISZlmqm80sabLOORNWbo4RpSgp6xNmq5VzS+PQ17xHPO2q4/0L33L72lKU
Dvors4Rbf2CzPgeJ6+0BqLEdLM0ub89wV/vqx1UmEYqafnMuRZ7Rlx8vukGlpRZs
FvH6MOi2weS0zg3Li+mK
=RNqp
-----END PGP SIGNATURE-----

--=-dcaCV1WM6JG4iU0UEYmP--



--===============5630581815957667814==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5630581815957667814==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung