MDVSA-2010:196
- Nom du paquet
- dovecot
- Date
- 2010-10-04
- Advisory ID
- MDVSA-2010:196
- Affected versions
- 2009.1 i586 , 2009.1 x86_64
Problem description
A vulnerability was discovered and corrected in dovecot:
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).
Packages for 2009.1 were missing with the previous MDVSA-2009:242
update. This update corrects this.
This update provides a solution to this vulnerability.
Updated packages
2009.1 i586
58dd261d6fe3b9f94d8e968d8022321d 2009.1/i586/dovecot-1.1.13-1.1mdv2009.1.i586.rpm 5e8a430fdd0093e6dbfd2abd5a86d302 2009.1/i586/dovecot-devel-1.1.13-1.1mdv2009.1.i586.rpm 23f57ab84ea636663c85adcdc8cf3be0 2009.1/i586/dovecot-plugins-gssapi-1.1.13-1.1mdv2009.1.i586.rpm 46f12749940acc5ce034ffacf9580997 2009.1/i586/dovecot-plugins-ldap-1.1.13-1.1mdv2009.1.i586.rpm 29f58fe99963479329144451697fb931 2009.1/SRPMS/dovecot-1.1.13-1.1mdv2009.1.src.rpm
2009.1 x86_64
bfaa46586c4f105bd50ae99a67f54a26 2009.1/x86_64/dovecot-1.1.13-1.1mdv2009.1.x86_64.rpm 578b62118307db05883dc45cbbc97e89 2009.1/x86_64/dovecot-devel-1.1.13-1.1mdv2009.1.x86_64.rpm 67b92edd0c14384b64a9fe2d4f0e56ac 2009.1/x86_64/dovecot-plugins-gssapi-1.1.13-1.1mdv2009.1.x86_64.rpm 685e97a30598ce8eef9cc7adee24f369 2009.1/x86_64/dovecot-plugins-ldap-1.1.13-1.1mdv2009.1.x86_64.rpm 29f58fe99963479329144451697fb931 2009.1/SRPMS/dovecot-1.1.13-1.1mdv2009.1.src.rpm