[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OFSRJ-0001gF-By@titan.mandriva.com>
Date: Fri, 21 May 2010 15:39:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:104 ] dovecot
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:104
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dovecot
Date : May 21, 2010
Affected: 2010.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in dovecot:
Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows
remote attackers to cause a denial of service (CPU consumption)
via long headers in an e-mail message (CVE-2010-0745).
This update provides dovecot 1.2.11 which is not vulnerable to this
issue and also holds many bugfixes as well.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0745
http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
b95d9a917da2a42436c933475dacb689 2010.0/i586/dovecot-1.2.11-0.1mdv2010.0.i586.rpm
ae17dc00f69e99cd1bcd4117cde53e9d 2010.0/i586/dovecot-devel-1.2.11-0.1mdv2010.0.i586.rpm
a5304d895371d64b4e77c8c178adeabc 2010.0/i586/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.i586.rpm
ac1c3a580905b10ba644013646db053b 2010.0/i586/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.i586.rpm
5625a95867c3f6557e01c68c1627c50c 2010.0/i586/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.i586.rpm
d7ca2adca57b353996bd0d3be8eaa15a 2010.0/i586/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.i586.rpm
648a1f4d176a2ff5e9d8c2751a75176d 2010.0/i586/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.i586.rpm
95f866ead04f859375e38775e13f2d82 2010.0/i586/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.i586.rpm
6cf7c7e9e47fb15c18bb2219fe58c39e 2010.0/i586/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.i586.rpm
5e36c888b6f39d97c51f1ad2262d5698 2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
e5ac579121952f2f7d0db0082c35fe3f 2010.0/x86_64/dovecot-1.2.11-0.1mdv2010.0.x86_64.rpm
0d70781b49ad834523dff177b38394bc 2010.0/x86_64/dovecot-devel-1.2.11-0.1mdv2010.0.x86_64.rpm
65f7ed1fe4c4882173fb4bcfb1dee81e 2010.0/x86_64/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.x86_64.rpm
9ce625bbdf040a61f84abcb98a326511 2010.0/x86_64/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.x86_64.rpm
87af67276a9b3a12cf5c17b369eea39a 2010.0/x86_64/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.x86_64.rpm
8a9d7710eadcae398b232799458f25f1 2010.0/x86_64/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.x86_64.rpm
bcf047e686991a4e52055f83cb9e7834 2010.0/x86_64/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.x86_64.rpm
c630786ec35b58dda992ffa7bf370da3 2010.0/x86_64/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.x86_64.rpm
a9037b2ebcf8a76fbe455d15586e1e51 2010.0/x86_64/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.x86_64.rpm
5e36c888b6f39d97c51f1ad2262d5698 2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL9mFHmqjQ0CJFipgRAkPBAJ0R70lQxLJ5wXhXnxXOE7EAqXJBLwCeJd9Q
Ddb7NogAMrl6qa4iMnFrUfs=
=b5XG
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists