Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-666-1: Dovecot vulnerability
Posted by Bob on: 11/07/2008 09:25 PM [ Print | 0 comment(s) ]
A new Dovecot vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-666-1 November 07, 2008
dovecot vulnerability
CVE-2008-4907
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
dovecot-imapd 1:1.1.4-0ubuntu1.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that certain email headers were not correctly handled
by Dovecot. If a remote attacker sent a specially crafted email to a
user with a mailbox managed by Dovecot, that user's mailbox would become
inaccessible through Dovecot, leading to a denial of service.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.2.diff.gz
Size/MD5: 929264 081dd67323ef5a912d1865e422d85263
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.2.dsc
Size/MD5: 1669 b5c959d8dab7b22fefe3e5d5c2768eba
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4.orig.tar.gz
Size/MD5: 2314155 0050dd609cb456c8e52565a85373df28
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 3747338 3799442c47220a147d59cc8ea762e6f0
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 549718 0717edc4a2d53ef34b32a3156effe2d1
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 950200 eb99baa9acac66128192bdb701f875aa
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 905260 5ab8030f635d679a3f5b10cf8282a4f5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 3516848 141649512b9ff346eab0582b9338da54
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 549726 2b611d99e2ff5c2a38938368d2580a0b
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 921466 68f6e84f7bfe01d31c2ff8dc344ea658
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 875480 1a2aed36f01b569b9bde6b77a29157e4
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 3467624 c287e35fb5f3a1e9b9b4485dc13f07de
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 549724 a59177a273803bf9d313a53f3f726729
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 913584 a5a5527a95dbb554e57bbca83396bb36
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 869452 52d67f818a62a02f97b12c7dde9a150a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 3815682 21cd45362a782fe289b9662a76079848
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 549740 36d967f8b1277511a9d0ee284c87170c
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 967488 26e8dd0e8509d5b7b604eeee3108e2c5
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 917536 6b45a5aead48627af5cdd92800d33f74
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 3508674 fbe66dded65cdefbb6ba8f80961db9e1
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 549760 d85ddfbdafa5010d8521eb044ee19860
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 918904 2daa617cefe075bce509e4b370b8849e
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 872424 0127029046c17431687c4eefba5557f4
--UlxN1C6awaFNesUv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAkkUo0YACgkQH/9LqRcGPm1kjQCgjc8mVmAukCMIouQc+vpNQ1gy
T6sAn23HuIkhZkm9MZAs1Nvg8Sg9A6pY
=cRH5
-----END PGP SIGNATURE-----
dovecot vulnerability
CVE-2008-4907
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
dovecot-imapd 1:1.1.4-0ubuntu1.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that certain email headers were not correctly handled
by Dovecot. If a remote attacker sent a specially crafted email to a
user with a mailbox managed by Dovecot, that user's mailbox would become
inaccessible through Dovecot, leading to a denial of service.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.2.diff.gz
Size/MD5: 929264 081dd67323ef5a912d1865e422d85263
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4-0ubuntu1.2.dsc
Size/MD5: 1669 b5c959d8dab7b22fefe3e5d5c2768eba
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.1.4.orig.tar.gz
Size/MD5: 2314155 0050dd609cb456c8e52565a85373df28
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 3747338 3799442c47220a147d59cc8ea762e6f0
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 549718 0717edc4a2d53ef34b32a3156effe2d1
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 950200 eb99baa9acac66128192bdb701f875aa
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_amd64.deb
Size/MD5: 905260 5ab8030f635d679a3f5b10cf8282a4f5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 3516848 141649512b9ff346eab0582b9338da54
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 549726 2b611d99e2ff5c2a38938368d2580a0b
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 921466 68f6e84f7bfe01d31c2ff8dc344ea658
http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_i386.deb
Size/MD5: 875480 1a2aed36f01b569b9bde6b77a29157e4
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 3467624 c287e35fb5f3a1e9b9b4485dc13f07de
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 549724 a59177a273803bf9d313a53f3f726729
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 913584 a5a5527a95dbb554e57bbca83396bb36
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_lpia.deb
Size/MD5: 869452 52d67f818a62a02f97b12c7dde9a150a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 3815682 21cd45362a782fe289b9662a76079848
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 549740 36d967f8b1277511a9d0ee284c87170c
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 967488 26e8dd0e8509d5b7b604eeee3108e2c5
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_powerpc.deb
Size/MD5: 917536 6b45a5aead48627af5cdd92800d33f74
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-common_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 3508674 fbe66dded65cdefbb6ba8f80961db9e1
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-dev_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 549760 d85ddfbdafa5010d8521eb044ee19860
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-imapd_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 918904 2daa617cefe075bce509e4b370b8849e
http://ports.ubuntu.com/pool/main/d/dovecot/dovecot-pop3d_1.1.4-0ubuntu1.2_sparc.deb
Size/MD5: 872424 0127029046c17431687c4eefba5557f4
--UlxN1C6awaFNesUv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAkkUo0YACgkQH/9LqRcGPm1kjQCgjc8mVmAukCMIouQc+vpNQ1gy
T6sAn23HuIkhZkm9MZAs1Nvg8Sg9A6pY
=cRH5
-----END PGP SIGNATURE-----
