Package name
dovecot
Date
2009-09-22
Advisory ID
MDVSA-2009:242
Affected versions
2009.0 x86_64 , 2009.0 i586 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in dovecot:

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).

This update provides a solution to this vulnerability.

Updated packages

2009.0 x86_64

 cf38d92a0280f2e99d21aa7e02714248  2009.0/x86_64/dovecot-1.1.6-0.2mdv2009.0.x86_64.rpm
 2231f2773f16512ff76f8a8a46da4d5f  2009.0/x86_64/dovecot-devel-1.1.6-0.2mdv2009.0.x86_64.rpm
 47372922a43f62871796894e1dcb34fc  2009.0/x86_64/dovecot-plugins-gssapi-1.1.6-0.2mdv2009.0.x86_64.rpm
 594f9c0c2d48aedd1fda578f9a84e66e  2009.0/x86_64/dovecot-plugins-ldap-1.1.6-0.2mdv2009.0.x86_64.rpm 
 8e10eeefb81e621d7229dbd8aab359a4  2009.0/SRPMS/dovecot-1.1.6-0.2mdv2009.0.src.rpm

2009.0 i586

 1443166400be020ea69b044bb00edd94  2009.0/i586/dovecot-1.1.6-0.2mdv2009.0.i586.rpm
 8fea9ab4351247bbd73466cfccebd5df  2009.0/i586/dovecot-devel-1.1.6-0.2mdv2009.0.i586.rpm
 514c76e108d53e76e808020d5fdbd0be  2009.0/i586/dovecot-plugins-gssapi-1.1.6-0.2mdv2009.0.i586.rpm
 a46cc5ded675ff5d05f5522f3cc61afe  2009.0/i586/dovecot-plugins-ldap-1.1.6-0.2mdv2009.0.i586.rpm 
 8e10eeefb81e621d7229dbd8aab359a4  2009.0/SRPMS/dovecot-1.1.6-0.2mdv2009.0.src.rpm

MES5 x86_64

 8aaba1434f3e237eeba9aa644a654e30  mes5/x86_64/dovecot-1.1.6-0.2mdvmes5.x86_64.rpm
 2f5caed22fa92c41047e0e6289be08ed  mes5/x86_64/dovecot-devel-1.1.6-0.2mdvmes5.x86_64.rpm
 141fc34e36b04666b556f30ebeeea385  mes5/x86_64/dovecot-plugins-gssapi-1.1.6-0.2mdvmes5.x86_64.rpm
 d69d0d69cb6fd3ad1666f046b3252f47  mes5/x86_64/dovecot-plugins-ldap-1.1.6-0.2mdvmes5.x86_64.rpm

References