Security: Denial of Service in dovecot
Name: Denial of Service in dovecot
ID: FEDORA-2012-19752
Distribution: Fedora
Platforms: Fedora 16
Date: Sat, 5 January 2013, 08:36
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5620
Applications: dovecot

Original message

Name        : dovecot
Product     : Fedora 16
Version     : 2.0.21
Release     : 4.fc16
URL         : http://www.dovecot.org/
Summary     : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------

Update Information:

- do not crash during mail search (CVE-2012-5620)

--------------------------------------------------------------------------------

ChangeLog:

* Tue Dec 4 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-4
- do not crash during mail search (CVE-2012-5620)
* Mon Nov 12 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-3
- fix network still not ready race condition (#871623)
* Fri Nov 2 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-2
- add reload command to service file
* Tue Jul 3 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.21-1
- dovecot updated to 2.0.21
- imap-login: Memory leak fixed
- imap: Non-UTF8 input on SEARCH command parameters could have crashed
- auth: Fixed crash with DIGEST-MD5 when attempting to do master user login without master passdbs.
- sdbox: Don't use more fds than necessary when copying mails.
- mdbox kept the user's storage locked a bit longer than it needed to
* Tue Apr 10 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.20-1
- dovecot updated to 2.0.20
- doveadm import didn't import messages' flags
- Make sure IMAP clients can't create directories when accessing nonexistent users' mailboxes via shared namespace.
- Dovecot auth clients authenticating via TCP socket could have failed with bogus "PID already in use" errors.
* Fri Mar 16 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.19-1
- dovecot updated to 2.0.19, pigeonhole updated to 0.2.6
- IMAP: ENABLE CONDSTORE/QRESYNC + STATUS for a mailbox might not have seen latest external changes to it, like new mails.
- imap_id_* settings were ignored before login.
- doveadm altmove did too much work sometimes, retrying moves it had already done.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
* Mon Feb 13 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.18-1
- dovecot updated to 2.0.18
- LDA/LMTP: Sending a large mail via submission_host or via LMTP proxy may have caused a hang.
- fixed dbox + mail_attachment_dir + zlib problems.
- login processes weren't logging all intended messages with auth_verbose=yes
- IMAP: THREAD REFS sometimes returned invalid (0) nodes.
- IMAP: CONTEXT search return option wasn't handled at all.
- dbox: Various error handling fixes.
* Mon Jan 9 2012 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.17-1
- dovecot updated to 2.0.17, pigeonhole updated to 0.2.5
- Fixed memory leaks in login processes with SSL connections
- vpopmail support was broken in v2.0.16
* Fri Dec 2 2011 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.16-2
- call systemd reload in postun
* Mon Nov 21 2011 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.16-1
- dovecot updated to 2.0.16
* Mon Oct 24 2011 Michal Hlavinka <mhlavink@redhat.com> - 1:2.0.15-2
- do not use obsolete settings in default configuration (#743444)

--------------------------------------------------------------------------------

References:

[ 1 ] Bug #883060 - CVE-2012-5620 dovecot: DoS when handling a search for multiple keywords
      https://bugzilla.redhat.com/show_bug.cgi?id=883060

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce