-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:104 http://www.mandriva.com/security/ _______________________________________________________________________ Package : dovecot Date : May 21, 2010 Affected: 2010.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in dovecot: Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message (CVE-2010-0745). This update provides dovecot 1.2.11 which is not vulnerable to this issue and also holds many bugfixes as well. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0745 http://www.dovecot.org/list/dovecot-news/2010-March/000152.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: b95d9a917da2a42436c933475dacb689 2010.0/i586/dovecot-1.2.11-0.1mdv2010.0.i586.rpm ae17dc00f69e99cd1bcd4117cde53e9d 2010.0/i586/dovecot-devel-1.2.11-0.1mdv2010.0.i586.rpm a5304d895371d64b4e77c8c178adeabc 2010.0/i586/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.i586.rpm ac1c3a580905b10ba644013646db053b 2010.0/i586/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.i586.rpm 5625a95867c3f6557e01c68c1627c50c 2010.0/i586/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.i586.rpm d7ca2adca57b353996bd0d3be8eaa15a 2010.0/i586/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.i586.rpm 648a1f4d176a2ff5e9d8c2751a75176d 2010.0/i586/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.i586.rpm 95f866ead04f859375e38775e13f2d82 2010.0/i586/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.i586.rpm 6cf7c7e9e47fb15c18bb2219fe58c39e 2010.0/i586/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.i586.rpm 5e36c888b6f39d97c51f1ad2262d5698 2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: e5ac579121952f2f7d0db0082c35fe3f 2010.0/x86_64/dovecot-1.2.11-0.1mdv2010.0.x86_64.rpm 0d70781b49ad834523dff177b38394bc 2010.0/x86_64/dovecot-devel-1.2.11-0.1mdv2010.0.x86_64.rpm 65f7ed1fe4c4882173fb4bcfb1dee81e 2010.0/x86_64/dovecot-plugins-gssapi-1.2.11-0.1mdv2010.0.x86_64.rpm 9ce625bbdf040a61f84abcb98a326511 2010.0/x86_64/dovecot-plugins-ldap-1.2.11-0.1mdv2010.0.x86_64.rpm 87af67276a9b3a12cf5c17b369eea39a 2010.0/x86_64/dovecot-plugins-managesieve-1.2.11-0.1mdv2010.0.x86_64.rpm 8a9d7710eadcae398b232799458f25f1 2010.0/x86_64/dovecot-plugins-mysql-1.2.11-0.1mdv2010.0.x86_64.rpm bcf047e686991a4e52055f83cb9e7834 2010.0/x86_64/dovecot-plugins-pgsql-1.2.11-0.1mdv2010.0.x86_64.rpm c630786ec35b58dda992ffa7bf370da3 2010.0/x86_64/dovecot-plugins-sieve-1.2.11-0.1mdv2010.0.x86_64.rpm a9037b2ebcf8a76fbe455d15586e1e51 2010.0/x86_64/dovecot-plugins-sqlite-1.2.11-0.1mdv2010.0.x86_64.rpm 5e36c888b6f39d97c51f1ad2262d5698 2010.0/SRPMS/dovecot-1.2.11-0.1mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFL9mFHmqjQ0CJFipgRAkPBAJ0R70lQxLJ5wXhXnxXOE7EAqXJBLwCeJd9Q Ddb7NogAMrl6qa4iMnFrUfs= =b5XG -----END PGP SIGNATURE-----
