dovecot-1.0.7-7.1AXS3

エラータID: AXSA:2009-18:01

Release date: 
Monday, February 16, 2009 - 09:00
Subject: 
dovecot-1.0.7-7.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
Low
Description: 

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.
Fixed bugs:
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

Solution: 

Update packages

CVEs: 
CVE-2008-4577
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-1.0.7-7.1AXS3.src.rpm
    MD5: 1115b2e539bb684dd075f76a0a715a60
    SHA-256: 9eaf402deb06b0176e735a11557a6a14b738501ff381ebb5f453747bcd16c0c3
    Size: 1.75 MB

Asianux Server 3 for x86
  1. dovecot-1.0.7-7.1AXS3.i386.rpm
    MD5: cad41f9146267419d401a6b943527a2a
    SHA-256: 7e9d4fa4f2a160db4d448b2142fc47a34954fbd216248a95c9e113c6bbab9c91
    Size: 1.66 MB

Asianux Server 3 for x86_64
  1. dovecot-1.0.7-7.1AXS3.x86_64.rpm
    MD5: c796843592c78d7eeb29daf145d7c9bc
    SHA-256: ec20b0476a525837b3c8798d0c56522d550814eb20212d4e7d3440895ba91c89
    Size: 1.67 MB