Package name
dovecot
Date
2010-10-04
Advisory ID
MDVSA-2010:196
Affected versions
2009.1 i586, 2009.1 x86_64

Problem description

A vulnerability was discovered and corrected in dovecot:

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).

Packages for 2009.1 were missing with the previous MDVSA-2009:242
update. This update corrects this.

This update provides a solution to this vulnerability.

Updated packages

2009.1 i586

 58dd261d6fe3b9f94d8e968d8022321d  2009.1/i586/dovecot-1.1.13-1.1mdv2009.1.i586.rpm
 5e8a430fdd0093e6dbfd2abd5a86d302  2009.1/i586/dovecot-devel-1.1.13-1.1mdv2009.1.i586.rpm
 23f57ab84ea636663c85adcdc8cf3be0  2009.1/i586/dovecot-plugins-gssapi-1.1.13-1.1mdv2009.1.i586.rpm
 46f12749940acc5ce034ffacf9580997  2009.1/i586/dovecot-plugins-ldap-1.1.13-1.1mdv2009.1.i586.rpm 
 29f58fe99963479329144451697fb931  2009.1/SRPMS/dovecot-1.1.13-1.1mdv2009.1.src.rpm

2009.1 x86_64

 bfaa46586c4f105bd50ae99a67f54a26  2009.1/x86_64/dovecot-1.1.13-1.1mdv2009.1.x86_64.rpm
 578b62118307db05883dc45cbbc97e89  2009.1/x86_64/dovecot-devel-1.1.13-1.1mdv2009.1.x86_64.rpm
 67b92edd0c14384b64a9fe2d4f0e56ac  2009.1/x86_64/dovecot-plugins-gssapi-1.1.13-1.1mdv2009.1.x86_64.rpm
 685e97a30598ce8eef9cc7adee24f369  2009.1/x86_64/dovecot-plugins-ldap-1.1.13-1.1mdv2009.1.x86_64.rpm 
 29f58fe99963479329144451697fb931  2009.1/SRPMS/dovecot-1.1.13-1.1mdv2009.1.src.rpm

References