USN-666-1: Dovecot vulnerability
Posted on: 11/07/2008 09:25 PM

A new Dovecot vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-666-1 November 07, 2008
dovecot vulnerability
CVE-2008-4907
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
dovecot-imapd 1:1.1.4-0ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that certain email headers were not correctly handled
by Dovecot. If a remote attacker sent a specially crafted email to a
user with a mailbox managed by Dovecot, that user's mailbox would become
inaccessible through Dovecot, leading to a denial of service.


Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.2.diff.gz
Size/MD5: 929264 081dd67323ef5a912d1865e422d85263
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.2.dsc
Size/MD5: 1669 b5c959d8dab7b22fefe3e5d5c2768eba
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4.orig.tar.gz
Size/MD5: 2314155 0050dd609cb456c8e52565a85373df28

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 3747338 3799442c47220a147d59cc8ea762e6f0
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 549718 0717edc4a2d53ef34b32a3156effe2d1
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 950200 eb99baa9acac66128192bdb701f875aa
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 905260 5ab8030f635d679a3f5b10cf8282a4f5

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 3516848 141649512b9ff346eab0582b9338da54
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 549726 2b611d99e2ff5c2a38938368d2580a0b
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 921466 68f6e84f7bfe01d31c2ff8dc344ea658
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 875480 1a2aed36f01b569b9bde6b77a29157e4

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 3467624 c287e35fb5f3a1e9b9b4485dc13f07de
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 549724 a59177a273803bf9d313a53f3f726729
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 913584 a5a5527a95dbb554e57bbca83396bb36
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 869452 52d67f818a62a02f97b12c7dde9a150a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 3815682 21cd45362a782fe289b9662a76079848
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 549740 36d967f8b1277511a9d0ee284c87170c
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 967488 26e8dd0e8509d5b7b604eeee3108e2c5
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 917536 6b45a5aead48627af5cdd92800d33f74

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 3508674 fbe66dded65cdefbb6ba8f80961db9e1
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 549760 d85ddfbdafa5010d8521eb044ee19860
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 918904 2daa617cefe075bce509e4b370b8849e
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 872424 0127029046c17431687c4eefba5557f4


--UlxN1C6awaFNesUv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;

iEYEARECAAYFAkkUo0YACgkQH/9LqRcGPm1kjQCgjc8mVmAukCMIouQc+vpNQ1gy
T6sAn23HuIkhZkm9MZAs1Nvg8Sg9A6pY
=cRH5
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_666_1_dovecot_vulnerability.html)