lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061128204253.GK7122@outflux.net>
Date: Tue, 28 Nov 2006 12:42:53 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-387-1] Dovecot vulnerability

=========================================================== 
Ubuntu Security Notice USN-387-1          November 28, 2006
dovecot vulnerability
CVE-2006-5973
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  dovecot-common                           1.0.beta3-3ubuntu5.4

Ubuntu 6.10:
  dovecot-common                           1.0.rc2-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dovecot was discovered to have an error when handling its index cache 
files.  This error could be exploited by authenticated POP and IMAP 
users to cause a crash of the Dovecot server, or possibly to execute 
arbitrary code.  Only servers using the non-default option 
"mmap_disable=yes" were vulnerable.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.1.diff.gz
      Size/MD5:   472729 09b338e6892e572e2e9d91ec22a5f05e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.1.dsc
      Size/MD5:      900 da748b07fc335d054629a3cb1446a63e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2.orig.tar.gz
      Size/MD5:  1257435 e27a248b2ee224e4618aa2f020150041

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_amd64.deb
      Size/MD5:   936252 52c327408a863459f9fcb2a42039bffc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_amd64.deb
      Size/MD5:   386922 0811212d24e3f5f4d8460f2b3627b443
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_amd64.deb
      Size/MD5:   353150 a7f7601e4552eff649aeda9f7ef49350

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_i386.deb
      Size/MD5:   833658 e8185521fb7cf53f1c78ccd95f6f9eef
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_i386.deb
      Size/MD5:   354136 d89074a01b639a0403394895c47efac4
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_i386.deb
      Size/MD5:   323488 9d248269d8a33944a06d619affd62e28

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_powerpc.deb
      Size/MD5:   924944 9bda9397cc41f6e515d474d1f335d49c
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_powerpc.deb
      Size/MD5:   385242 cc72e58c0d04d0271c8b7cc8a303fc77
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_powerpc.deb
      Size/MD5:   351952 2bef7431d4c0861d9edd30119bed79f0

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_sparc.deb
      Size/MD5:   820430 e28f7336281cdd54c556b9c9ba011819
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_sparc.deb
      Size/MD5:   347692 e162121eefe72311585b90c3c6718124
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_sparc.deb
      Size/MD5:   316844 4f5ad0b8d5e671a406649676888791db

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.4.diff.gz
      Size/MD5:   468953 1518e1cadad0e69bb1e18c77a8a2a06e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.4.dsc
      Size/MD5:      867 f46814c20c38efc63d212d05714461d1
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3.orig.tar.gz
      Size/MD5:  1360574 5418f9f7fe99e4f10bb82d9fe504138a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_amd64.deb
      Size/MD5:   962792 193171868a6d8c3c9908b68d7a58c14a
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_amd64.deb
      Size/MD5:   532830 762026328217e82db42fe6ddb98bfc2b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_amd64.deb
      Size/MD5:   500920 2f42ee2f548bc1defc33ed4b15b06315

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_i386.deb
      Size/MD5:   838756 deaa721cec3ccdcec72787e6fac539dc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_i386.deb
      Size/MD5:   486042 22d3b5160b983dae1217c1cf19a6f9bc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_i386.deb
      Size/MD5:   456818 b3209b05b1650d878954debe4868531b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_powerpc.deb
      Size/MD5:   940686 efe340e32c9834dc455e8a2482fdacb3
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_powerpc.deb
      Size/MD5:   526556 864fd3fff50a9eb90f70b9db021515f4
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_powerpc.deb
      Size/MD5:   494276 622cf9cc8104add8e865391b7f73be0c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_sparc.deb
      Size/MD5:   855364 6876997d628b53ec054552687e5ab6c2
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_sparc.deb
      Size/MD5:   492036 818b124ffe5d635e7639271b51d11f4b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_sparc.deb
      Size/MD5:   462198 2eea31b7278678dd215fa85b2cd0dcf8


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ