Package name
dovecot
Date
2011-05-26
Advisory ID
MDVSA-2011:101
Affected versions
2009.0 x86_64 , MES5 i586 , 2010.1 i586 , 2009.0 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been identified and fixed in dovecot:

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and
2.0.x before 2.0.13 does not properly handle '\0' (NUL) characters
in header names, which allows remote attackers to cause a denial of
service (daemon crash or mailbox corruption) via a crafted e-mail
message (CVE-2011-1929).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php\?cPath=149\&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 01313d55d32d9d7b3efbe8c4af0d5846  2009.0/x86_64/dovecot-1.1.6-0.4mdv2009.0.x86_64.rpm
 6275b3aa59917489444151f6e1f7ad1a  2009.0/x86_64/dovecot-devel-1.1.6-0.4mdv2009.0.x86_64.rpm
 09d94ab4097397822513927f43be979f  2009.0/x86_64/dovecot-plugins-gssapi-1.1.6-0.4mdv2009.0.x86_64.rpm
 0f853a96ffc71160346e8b1e20ee8c23  2009.0/x86_64/dovecot-plugins-ldap-1.1.6-0.4mdv2009.0.x86_64.rpm 
 0f5ab891bc89f805c9b1e6352dfe76e3  2009.0/SRPMS/dovecot-1.1.6-0.4mdv2009.0.src.rpm

MES5 i586

 5db708bec8b22ae2ed3e853fd3b2e557  mes5/i586/dovecot-1.1.6-0.4mdvmes5.2.i586.rpm
 ad1babe1622ee32bd7022e2af385bb9a  mes5/i586/dovecot-devel-1.1.6-0.4mdvmes5.2.i586.rpm
 1ce3969455f2225b0a6c77b766c83b3e  mes5/i586/dovecot-plugins-gssapi-1.1.6-0.4mdvmes5.2.i586.rpm
 4fcb2af78e94a7e3240e534e10584052  mes5/i586/dovecot-plugins-ldap-1.1.6-0.4mdvmes5.2.i586.rpm 
 fe2800f588d5ff9f2be3da549b62534f  mes5/SRPMS/dovecot-1.1.6-0.4mdvmes5.2.src.rpm

2010.1 i586

 c20c01837cb34db6f0cf84228cc72bf3  2010.1/i586/dovecot-1.2.15-0.2mdv2010.2.i586.rpm
 aee42d23be9ec20bb806652475cd5855  2010.1/i586/dovecot-devel-1.2.15-0.2mdv2010.2.i586.rpm
 e7cc9fd905959b139f51c7227f0aa0cc  2010.1/i586/dovecot-plugins-gssapi-1.2.15-0.2mdv2010.2.i586.rpm
 5c4b18fd9aac03b1da511f5982b2110c  2010.1/i586/dovecot-plugins-ldap-1.2.15-0.2mdv2010.2.i586.rpm
 2025b378dd4026154817bd122c265f9d  2010.1/i586/dovecot-plugins-managesieve-1.2.15-0.2mdv2010.2.i586.rpm
 7100d1058b5364e31ea09e8f3fc3ed07  2010.1/i586/dovecot-plugins-mysql-1.2.15-0.2mdv2010.2.i586.rpm
 85a8c46868db30507dec6a69c2c87cf3  2010.1/i586/dovecot-plugins-pgsql-1.2.15-0.2mdv2010.2.i586.rpm
 c55c50ce2cc24ee141b1a31f25bf280a  2010.1/i586/dovecot-plugins-sieve-1.2.15-0.2mdv2010.2.i586.rpm
 59f3f89c09790dc2c5297c3b6f2f7ff9  2010.1/i586/dovecot-plugins-sqlite-1.2.15-0.2mdv2010.2.i586.rpm 
 40d6d69185673abea00a515899083fda  2010.1/SRPMS/dovecot-1.2.15-0.2mdv2010.2.src.rpm

2009.0 i586

 21c523280a532bca1549cd2d6620f017  2009.0/i586/dovecot-1.1.6-0.4mdv2009.0.i586.rpm
 28f6e482c8d788e5e782f7fe60cb51dd  2009.0/i586/dovecot-devel-1.1.6-0.4mdv2009.0.i586.rpm
 f75ed118bcd8afb93f651b71707e6b30  2009.0/i586/dovecot-plugins-gssapi-1.1.6-0.4mdv2009.0.i586.rpm
 83ab2ceabf79c74fbd7c8152c9032832  2009.0/i586/dovecot-plugins-ldap-1.1.6-0.4mdv2009.0.i586.rpm 
 0f5ab891bc89f805c9b1e6352dfe76e3  2009.0/SRPMS/dovecot-1.1.6-0.4mdv2009.0.src.rpm

MES5 x86_64

 a597739b9220abf26e33b21b767d7745  mes5/x86_64/dovecot-1.1.6-0.4mdvmes5.2.x86_64.rpm
 6f83a1c86785d2374ac631249ff4eb3d  mes5/x86_64/dovecot-devel-1.1.6-0.4mdvmes5.2.x86_64.rpm
 3e07cfdac2d0e40f2a77e9978318b022  mes5/x86_64/dovecot-plugins-gssapi-1.1.6-0.4mdvmes5.2.x86_64.rpm
 7314fa4487025f1b70fa0fba97bc0f71  mes5/x86_64/dovecot-plugins-ldap-1.1.6-0.4mdvmes5.2.x86_64.rpm 
 fe2800f588d5ff9f2be3da549b62534f  mes5/SRPMS/dovecot-1.1.6-0.4mdvmes5.2.src.rpm

2010.1 x86_64

 7d8a197c83d50e3313ddda5bea6f6914  2010.1/x86_64/dovecot-1.2.15-0.2mdv2010.2.x86_64.rpm
 260181fc437f05075a784a17ad7ac563  2010.1/x86_64/dovecot-devel-1.2.15-0.2mdv2010.2.x86_64.rpm
 1de0be6e0508baa67a4adcff4e392e48  2010.1/x86_64/dovecot-plugins-gssapi-1.2.15-0.2mdv2010.2.x86_64.rpm
 ec01ff2c8ba7aeb1659a140ca0a65a79  2010.1/x86_64/dovecot-plugins-ldap-1.2.15-0.2mdv2010.2.x86_64.rpm
 f7ef975718bd9dde0baf78e44f835f40  2010.1/x86_64/dovecot-plugins-managesieve-1.2.15-0.2mdv2010.2.x86_64.rpm
 8f02ab80253bf9cfdb1a8615a1609745  2010.1/x86_64/dovecot-plugins-mysql-1.2.15-0.2mdv2010.2.x86_64.rpm
 7fb61fb5880669a60f466def532a0ca8  2010.1/x86_64/dovecot-plugins-pgsql-1.2.15-0.2mdv2010.2.x86_64.rpm
 71b8afbe2d8466889a1c6d26999d2f84  2010.1/x86_64/dovecot-plugins-sieve-1.2.15-0.2mdv2010.2.x86_64.rpm
 b2f766a7ff3327b953c8206c6fd98a9d  2010.1/x86_64/dovecot-plugins-sqlite-1.2.15-0.2mdv2010.2.x86_64.rpm 
 40d6d69185673abea00a515899083fda  2010.1/SRPMS/dovecot-1.2.15-0.2mdv2010.2.src.rpm

References