Login
Newsletter
Werbung

Sicherheit: Denial of Service in dovecot
Aktuelle Meldungen Distributionen
Name: Denial of Service in dovecot
ID: MDVSA-2010:104
Distribution: Mandriva
Plattformen: Mandriva 2010.0
Datum: Sa, 22. Mai 2010, 08:11
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0745
http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
Applikationen: dovecot

Originalnachricht

This is a multi-part message in MIME format...

------------=_1274449333-24326-8104


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:104
http://www.mandriva.com/security/
_______________________________________________________________________

Package : dovecot
Date : May 21, 2010
Affected: 2010.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in dovecot:

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows
remote attackers to cause a denial of service (CPU consumption)
via long headers in an e-mail message (CVE-2010-0745).

This update provides dovecot 1.2.11 which is not vulnerable to this
issue and also holds many bugfixes as well.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0745
http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
b95d9a917da2a42436c933475dacb689
2010.0/i586/dovecot-1.2.11-0.1mdv2010.0.i586.rpm
ae17dc00f69e99cd1bcd4117cde53e9d
2010.0/i586/dovecot-devel-1.2.11-0.1mdv2010.0.i586.rpm
a5304d895371d64b4e77c8c178adeabc
2010.0/i586/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.i586.rpm
ac1c3a580905b10ba644013646db053b
2010.0/i586/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.i586.rpm
5625a95867c3f6557e01c68c1627c50c
2010.0/i586/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.i586.rpm
d7ca2adca57b353996bd0d3be8eaa15a
2010.0/i586/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.i586.rpm
648a1f4d176a2ff5e9d8c2751a75176d
2010.0/i586/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.i586.rpm
95f866ead04f859375e38775e13f2d82
2010.0/i586/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.i586.rpm
6cf7c7e9e47fb15c18bb2219fe58c39e
2010.0/i586/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.i586.rpm
5e36c888b6f39d97c51f1ad2262d5698
2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
e5ac579121952f2f7d0db0082c35fe3f
2010.0/x86_64/dovecot-1.2.11-0.1mdv2010.0.x86_64.rpm
0d70781b49ad834523dff177b38394bc
2010.0/x86_64/dovecot-devel-1.2.11-0.1mdv2010.0.x86_64.rpm
65f7ed1fe4c4882173fb4bcfb1dee81e
2010.0/x86_64/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.x86_64.rpm
9ce625bbdf040a61f84abcb98a326511
2010.0/x86_64/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.x86_64.rpm
87af67276a9b3a12cf5c17b369eea39a
2010.0/x86_64/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.x86_64.rpm
8a9d7710eadcae398b232799458f25f1
2010.0/x86_64/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.x86_64.rpm
bcf047e686991a4e52055f83cb9e7834
2010.0/x86_64/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.x86_64.rpm
c630786ec35b58dda992ffa7bf370da3
2010.0/x86_64/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.x86_64.rpm
a9037b2ebcf8a76fbe455d15586e1e51
2010.0/x86_64/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.x86_64.rpm
5e36c888b6f39d97c51f1ad2262d5698
2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL9mFHmqjQ0CJFipgRAkPBAJ0R70lQxLJ5wXhXnxXOE7EAqXJBLwCeJd9Q
Ddb7NogAMrl6qa4iMnFrUfs=
=b5XG
-----END PGP SIGNATURE-----


------------=_1274449333-24326-8104
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1274449333-24326-8104--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung