A security vulnerability has been identified in the Dovecot software package that allows a remote attacker to carry out a denial-of-service (DoS) attack.
Package:
Dovecot 1.x, Dovecot 2.x
Operating systems:
CentOS, Debian Linux 6.0 (squeeze)
Severity:
3.7
Problem:
error in a program function
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2011-1929
Original advisory ID:
2011:0833
Source:
CentOS
Problem:
The vulnerability is caused by incorrect handling of "\0" (NUL) characters in the file "lib-mail/message-header-parser.c".
Impact:
A remote attacker can exploit the vulnerability to cause a denial of service (DoS) through a specially crafted e-mail message.
Solution:
All users of the affected package are advised to upgrade to newer versions.
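The following Python check is an added example, not part of the advisory or of Dovecot's code: it scans the header block of a raw message for NUL bytes, the malformed input this advisory describes, so that stored or queued mail can be triaged on systems awaiting the update. The function name `find_nul_headers` and both sample messages are constructed for illustration.

```python
from typing import List, Tuple

# Constructed sample messages (not taken from the advisory).
CLEAN = (b"From: a@example.org\r\nSubject: hello\r\n world\r\n"
         b"\r\nbody with \x00 is outside the header block\r\n")
MALFORMED = (b"From: a@example.org\r\nX-Te\x00st: 1\r\n"
             b"Subject: hi\r\n\tfold\x00ed\r\n\r\nbody\r\n")


def _printable(name: bytes) -> str:
    """Render a header name with NUL bytes shown as a literal \\0."""
    return name.replace(b"\x00", b"\\0").decode("ascii", "replace")


def find_nul_headers(raw: bytes) -> List[Tuple[int, str, str]]:
    """Return (line number, header name, 'name' or 'value') for each header
    line that contains a NUL byte. Scanning stops at the first empty line,
    which ends the header block, so NUL bytes in the body are not reported."""
    findings = []
    name = b""
    for lineno, line in enumerate(raw.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if line == b"":
            break  # blank line: end of headers
        if line[:1] in (b" ", b"\t"):
            # Folded continuation line: belongs to the previous header's value.
            value = line
        else:
            field, _colon, value = line.partition(b":")
            name = field
            if b"\x00" in field:
                findings.append((lineno, _printable(name), "name"))
        if b"\x00" in value:
            findings.append((lineno, _printable(name), "value"))
    return findings


if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("malformed", MALFORMED)):
        print(label, find_nul_headers(msg))
```

A non-empty result marks a message worth quarantining for inspection; it does not by itself show that a given Dovecot build is affected.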
CentOS Errata and Security Advisory 2011:0833 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0833.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax
_______________________________________________
CentOS-announce mailing list
http://lists.centos.org/mailman/listinfo/centos-announce
-------------------------------------------------------------------------
Debian Security Advisory DSA-2252-1
http://www.debian.org/security/ Moritz Muehlenhoff
June 02, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : dovecot
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1929
Debian Bug : 627443
It was discovered that the message header parser in the Dovecot mail
server parsed NUL characters incorrectly, which could lead to denial
of service through malformed mail headers.
The oldstable distribution (lenny) is not affected.
For the stable distribution (squeeze), this problem has been fixed in
version 1.2.15-7.
For the unstable distribution (sid), this problem has been fixed in
version 2.0.13-1.
We recommend that you upgrade your dovecot packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/