Message-ID: <20061128204253.GK7122@outflux.net>
Date: Tue, 28 Nov 2006 12:42:53 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-387-1] Dovecot vulnerability
===========================================================
Ubuntu Security Notice USN-387-1 November 28, 2006
dovecot vulnerability
CVE-2006-5973
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
dovecot-common 1.0.beta3-3ubuntu5.4
Ubuntu 6.10:
dovecot-common 1.0.rc2-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Dovecot was discovered to have an error when handling its index cache
files. This error could be exploited by authenticated POP and IMAP
users to cause a crash of the Dovecot server, or possibly to execute
arbitrary code. Only servers using the non-default option
"mmap_disable=yes" were vulnerable.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10: