Sigurnosni propust programskog paketa Dovecot

U radu programskog paketa Dovecot uočen je sigurnosni propust koji udaljenom napadaču omogućuje napad uskraćivanjem usluga (DoS).

Paket:	Dovecot 1.x, Dovecot 2.x
Operacijski sustavi:	CentOS , Debian Linux 6.0 (squeeze)
Kritičnost:	3.7
Problem:	pogreška u programskoj funkciji
Iskorištavanje:	udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-1929
Izvorni ID preporuke:	2011:0833
Izvor:	CentOS

Problem:
Sigurnosna ranjivost se javlja zbog pogrešnog rukovanja " " znakovima u "lib-mail/message-header-parser.c" datoteci.
Posljedica:
Udaljeni napadač sigurnosni propust može iskoristiti za napad uskraćivanjem usluga (eng. Denial of Service) putem posebno oblikovane poruke elektroničke pošte.
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje njegova nadogradnja na novije inačice.

Izvorni tekst preporuke

CentOS Errata and Security Advisory 2011:0833 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0833.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
dd9aaf9970310600e859b46946b7f2a9  kernel-2.6.18-238.12.1.el5.i686.rpm
2ed708da836e1463cf46d45e775b592f  kernel-debug-2.6.18-238.12.1.el5.i686.rpm
026860be5dfce20b21e2aba9f0ea59f7 
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
408b0d828757b191e35750e4fd3621f3  kernel-devel-2.6.18-238.12.1.el5.i686.rpm
282d172ca2498e818c6b0570b4ce76b6  kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
e4acc41b003cf8763c3e277f019581e2  kernel-headers-2.6.18-238.12.1.el5.i386.rpm
862d7e1a4118811ae3713dc85ca6b464  kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
983ae820419d6e29a0ebb60b77e1193c 
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
259a7846a7325f6815dd91c97e844f8b  kernel-xen-2.6.18-238.12.1.el5.i686.rpm
d5c9e8eb90ab59159cd215ce5e6ffe91 
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

Source:
252810602106f6c4851bc3f1c0012a97  kernel-2.6.18-238.12.1.el5.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce



CentOS Errata and Security Advisory 2011:0833 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0833.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
480a23019f26117cfa6b6bda82c52daa  kernel-2.6.18-238.12.1.el5.x86_64.rpm
0e1756f4c61922ff525768041e93491d  kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
cdddbc8cb4d0e968326966a84ed8a73c 
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
99073c45aab701116866e699c03f0a6f  kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
131f7868962dc062e16db305980fb97f  kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
43cf8bb7ece8d55fe6b1dfa08c5591ac 
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
faee8065fe0158d2d35e55c03141f5b1  kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
c569a871fc3b2b84973c45f8d3d58cef 
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

Source:
252810602106f6c4851bc3f1c0012a97  kernel-2.6.18-238.12.1.el5.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2252-1                   Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://www.debian.org/security/                        Moritz Muehlenhoff
June 02, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1929 
Debian Bug     : 627443

It was discovered that the message header parser in the Dovecot mail 
server parsed NUL characters incorrectly, which could lead to denial
of service through malformed mail headers.


The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.15-7.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.13-1.

We recommend that you upgrade your dovecot packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3n8ScACgkQXm3vHE4uylo/iACg5RQteaE1DdrtIWf8rfMGY4Gg
knQAniuGCwODjyCFqTC/AJN3A7OB5yeL
=yZ8F
-----END PGP SIGNATURE-----



-- 
To UNSUBSCRIBE, email to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
with a subject of "unsubscribe". Trouble? Contact Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Archive: http://lists.debian.org/Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Sigurnosni propust programskog paketa Dovecot

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Sigurnosni propust programskog paketa Dovecot

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti