[Full-disclosure] [ MDVSA-2010:104 ] dovecot




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:104
http://www.mandriva.com/security/
_______________________________________________________________________

Package : dovecot
Date : May 21, 2010
Affected: 2010.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in dovecot:

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows
remote attackers to cause a denial of service (CPU consumption)
via long headers in an e-mail message (CVE-2010-0745).

This update provides dovecot 1.2.11, which is not vulnerable to this
issue and also includes many bug fixes.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0745
http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
b95d9a917da2a42436c933475dacb689 2010.0/i586/dovecot-1.2.11-0.1mdv2010.0.i586.rpm
ae17dc00f69e99cd1bcd4117cde53e9d 2010.0/i586/dovecot-devel-1.2.11-0.1mdv2010.0.i586.rpm
a5304d895371d64b4e77c8c178adeabc 2010.0/i586/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.i586.rpm
ac1c3a580905b10ba644013646db053b 2010.0/i586/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.i586.rpm
5625a95867c3f6557e01c68c1627c50c 2010.0/i586/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.i586.rpm
d7ca2adca57b353996bd0d3be8eaa15a 2010.0/i586/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.i586.rpm
648a1f4d176a2ff5e9d8c2751a75176d 2010.0/i586/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.i586.rpm
95f866ead04f859375e38775e13f2d82 2010.0/i586/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.i586.rpm
6cf7c7e9e47fb15c18bb2219fe58c39e 2010.0/i586/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.i586.rpm
5e36c888b6f39d97c51f1ad2262d5698 2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
e5ac579121952f2f7d0db0082c35fe3f 2010.0/x86_64/dovecot-1.2.11-0.1mdv2010.0.x86_64.rpm
0d70781b49ad834523dff177b38394bc 2010.0/x86_64/dovecot-devel-1.2.11-0.1mdv2010.0.x86_64.rpm
65f7ed1fe4c4882173fb4bcfb1dee81e 2010.0/x86_64/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.x86_64.rpm
9ce625bbdf040a61f84abcb98a326511 2010.0/x86_64/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.x86_64.rpm
87af67276a9b3a12cf5c17b369eea39a 2010.0/x86_64/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.x86_64.rpm
8a9d7710eadcae398b232799458f25f1 2010.0/x86_64/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.x86_64.rpm
bcf047e686991a4e52055f83cb9e7834 2010.0/x86_64/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.x86_64.rpm
c630786ec35b58dda992ffa7bf370da3 2010.0/x86_64/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.x86_64.rpm
a9037b2ebcf8a76fbe455d15586e1e51 2010.0/x86_64/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.x86_64.rpm
5e36c888b6f39d97c51f1ad2262d5698 2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL9mFHmqjQ0CJFipgRAkPBAJ0R70lQxLJ5wXhXnxXOE7EAqXJBLwCeJd9Q
Ddb7NogAMrl6qa4iMnFrUfs=
=b5XG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
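
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the MD5 lines under "Updated Packages" can be checked with a short script. This is an added example, not part of the Mandriva advisory: the function names and the flat download directory are assumptions, and the files and digests in demo() are constructed. The .src.rpm is listed under both architectures, so a repeated entry is accepted only when its digests agree, and a matching MD5 shows agreement with the list only, while the GPG signature remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Checksum line as printed in the advisory: 32 hex digits, space, .rpm path.
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(advisory_text):
    """Return {rpm file name: md5 hex}; a file listed twice must have one digest."""
    expected = {}
    for line in advisory_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings, separators, prose
        digest, name = m.group(1).lower(), Path(m.group(2)).name
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return expected

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, digest in parse_manifest(advisory_text).items():
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == digest else "MISMATCH"
    return results

def demo():
    """Constructed sample: stand-in files, manifest digests computed here."""
    md5 = lambda b: hashlib.md5(b).hexdigest()
    lines = [f"{md5(b'A')} 2010.0/i586/good.rpm", f"{md5(b'B')} 2010.0/i586/bad.rpm",
             f"{md5(b'S')} 2010.0/SRPMS/absent.src.rpm"]
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.rpm").write_bytes(b"A")
        Path(d, "bad.rpm").write_bytes(b"tampered")
        return verify_downloads("\n".join(["Mandriva Linux 2010.0:"] + lines + lines[2:]), d)

if __name__ == "__main__":
    print(demo())
```

To use it on real downloads, pass the advisory text and the directory holding the RPMs to verify_downloads().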


