dovecot-2.0.9-2.AXS4

エラータID: AXSA:2011-212:01

リリース日: 
2011/05/30 Monday - 15:31
題名: 
dovecot-2.0.9-2.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.
The SQL drivers and authentication plug-ins are in their subpackages.
Security issues fixed with this release:
CVE-2010-3707
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
CVE-2010-3780
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
Enhancements:
- Upgraded to version 2.0.9. Refer to the /usr/share/doc/dovecot-2.0.9/ChangeLog file after installation for a full list of bug fixes and improvements.

解決策: 

Update packages.

CVE: 
CVE-2010-3707
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
CVE-2010-3780
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. dovecot-2.0.9-2.AXS4.src.rpm
    MD5: c1e0c2b4d3c65f8fc0f21a4bd4f57630
    SHA-256: 3d4da976c639ffcd7ad92041b0d7b783bad3ce0cdaf22bcc9adb2cfcee294ce7
    Size: 4.24 MB

Asianux Server 4 for x86
  1. dovecot-2.0.9-2.AXS4.i686.rpm
    MD5: 7c6c78ad7a3cd8e29a5068f1f5b00df4
    SHA-256: 7584e2491785ded43b6a868021bd20d2a36c9266cbd439cdda418ef0a4b28414
    Size: 1.93 MB
  2. dovecot-mysql-2.0.9-2.AXS4.i686.rpm
    MD5: b0f407405f3388aca94af0b582b21ea3
    SHA-256: 52b877a142a100fb76cf3a60d548100b11befaffd1db202f509dba9b196b369f
    Size: 36.89 kB
  3. dovecot-pgsql-2.0.9-2.AXS4.i686.rpm
    MD5: c8dbbd600452c6bb8aca01927aae3c33
    SHA-256: af89511add1b93b4308345abbae459b3023dfb5a7f4bc9f25d7d8699c9c0d249
    Size: 39.24 kB
  4. dovecot-pigeonhole-2.0.9-2.AXS4.i686.rpm
    MD5: 8881eb757fdd36dbf6ad4b5e3a5082d1
    SHA-256: fe3695069975a8fe05bc2640d91b5800806f72e38487897f16fad80e2dec23e4
    Size: 96.55 kB

Asianux Server 4 for x86_64
  1. dovecot-2.0.9-2.AXS4.x86_64.rpm
    MD5: f639ed9117d2d927eefa7bc9724ee18f
    SHA-256: 0bd2840ca502ad46d0b128731f4a39d58cefc4ed7772eeba75acbeedd8aab89d
    Size: 1.91 MB
  2. dovecot-mysql-2.0.9-2.AXS4.x86_64.rpm
    MD5: 509587ba78be4dc2220896391ce16b01
    SHA-256: b7b2bd3637870f3e6f1c8a98b76c91929d64a7b3f03b41b3cc1d2cfa972db134
    Size: 36.54 kB
  3. dovecot-pgsql-2.0.9-2.AXS4.x86_64.rpm
    MD5: f263eec16bee9166e50c9aa236610b32
    SHA-256: 677cd23d015ffe1011d238048eeeb23d76f94e80eabf37629ea9380703417a31
    Size: 38.96 kB
  4. dovecot-pigeonhole-2.0.9-2.AXS4.x86_64.rpm
    MD5: 89e20532fcd7ec575d83e0da22111f1c
    SHA-256: 9baee91fa7ed6e94ade518e357eef444586b573624e2c32feeb75daadcad332e
    Size: 96.83 kB
  5. dovecot-2.0.9-2.AXS4.i686.rpm
    MD5: 7c6c78ad7a3cd8e29a5068f1f5b00df4
    SHA-256: 7584e2491785ded43b6a868021bd20d2a36c9266cbd439cdda418ef0a4b28414
    Size: 1.93 MB