Login
Newsletter
Werbung

Sicherheit: Denial of Service in dovecot
Aktuelle Meldungen Distributionen
Name: Denial of Service in dovecot
ID: FEDORA-2012-19752
Distribution: Fedora
Plattformen: Fedora 16
Datum: Sa, 5. Januar 2013, 08:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5620
Applikationen: dovecot

Originalnachricht

Name        : dovecot
Product : Fedora 16
Version : 2.0.21
Release : 4.fc16
URL : http://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

-------------------------------------------------------------------------------
-
Update Information:

- do not crash during mail search (CVE-2012-5620)
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Dec 4 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-4
- do not crash during mail search (CVE-2012-5620)
* Mon Nov 12 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-3
- fix network still not ready race condition (#871623)
* Fri Nov 2 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-2
- add reload command to service file
* Tue Jul 3 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-1
- dovecot updated to 2.0.21
- imap-login: Memory leak fixed
- imap: Non-UTF8 input on SEARCH command parameters could have crashed
- auth: Fixed crash with DIGEST-MD5 when attempting to do master user
login without master passdbs.
- sdbox: Don't use more fds than necessary when copying mails.
- mdbox kept the user's storage locked a bit longer than it needed to
* Tue Apr 10 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.20-1
- dovecot updated to 2.0.20
- doveadm import didn't import messages' flags
- Make sure IMAP clients can't create directories when accessing
nonexistent users' mailboxes via shared namespace.
- Dovecot auth clients authenticating via TCP socket could have failed
with bogus "PID already in use" errors.
* Fri Mar 16 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.19-1
- dovecot updated to 2.0.19, pigeonhole updated to 0.2.6
- IMAP: ENABLE CONDSTORE/QRESYNC + STATUS for a mailbox might not
have seen latest external changes to it, like new mails.
- imap_id_* settings were ignored before login.
- doveadm altmove did too much work sometimes, retrying moves it had already
done.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
* Mon Feb 13 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.18-1
- dovecot updated to 2.0.18
- LDA/LMTP: Sending a large mail via submission_host or via LMTP proxy
may have caused a hang.
- fixed dbox + mail_attachment_dir + zlib problems.
- login processes weren't logging all intended messages with
auth_verbose=yes
- IMAP: THREAD REFS sometimes returned invalid (0) nodes.
- IMAP: CONTEXT search return option wasn't handled at all.
- dbox: Various error handling fixes.
* Mon Jan 9 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.17-1
- dovecot updated to 2.0.17, pigeonhole updated to 0.2.5
- Fixed memory leaks in login processes with SSL connections
- vpopmail support was broken in v2.0.16
* Fri Dec 2 2011 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.16-2
- call systemd reload in postun
* Mon Nov 21 2011 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.16-1
- dovecot updated to 2.0.16
* Mon Oct 24 2011 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.15-2
- do not use obsolete settings in default configuration (#743444)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #883060 - CVE-2012-5620 dovecot: DoS when handling a search for
multiple keywords
https://bugzilla.redhat.com/show_bug.cgi?id=883060
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung