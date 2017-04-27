
Security: Denial of Service in dovecot
Name: Denial of Service in dovecot
ID: FEDORA-2017-6ef28e38d6
Distribution: Fedora
Platforms: Fedora 25
Date: Thu, 27 April 2017, 08:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2669

Original message

 
--------------------------------------------------------------------------------


Fedora Update Notification

FEDORA-2017-6ef28e38d6

2017-04-27 00:38:46.159117

--------------------------------------------------------------------------------




Name        : dovecot

Product     : Fedora 25

Version     : 2.2.29.1

Release     : 1.fc25

URL         : http://www.dovecot.org/

Summary     : Secure imap and pop3 server

Description :

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.



--------------------------------------------------------------------------------


Update Information:



  + quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved.
  + imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary.
  + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings.
  + imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs.
  + Added %{encrypt} and %{decrypt} variables
  + imap/pop3 proxy: Log proxy state in errors as human-readable string.
  + imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks.
  + imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying.
  + passdb imap: Use ssl_client_ca_* settings for CA validation.
  - fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28.
  - trash plugin was broken in 2.2.28
  - auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
  - auth: passdb { skip & mechanisms } were ignored for the first passdb
  - oauth2: Various fixes, including fixes to crashes
  - dsync: Large Sieve scripts (or other large metadata) weren't always synced.
  - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
  - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
  - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
  - ACLs weren't applied to not-yet-existing autocreated mailboxes.
  - Fixed a potential crash when parsing a broken message header.
  - cassandra: Fallback consistency settings weren't working correctly.
  - doveadm director status <user>: "Initial config" was always empty
  - imapc: Various reconnection fixes.

--------------------------------------------------------------------------------


References:



  [ 1 ] Bug #1441457 - CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was used for authentication [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1441457

--------------------------------------------------------------------------------




This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade dovecot' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org