Uočen je sigurnosni propust u radu programskog paketa Dovecot, namijenjenog operacijskom sustavu Fedora 13, koji udaljenom napadaču omogućuje izvođenje napada uskraćivanjem usluge (DoS).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7612
2011-05-27 19:56:57
--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 13
Version     : 1.2.17
Release     : 1.fc13
URL         : http://www.dovecot.org/
Summary     : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

- Fixed potential crashes and other problems when parsing header names that
contained NUL characters.
- IMAP: Fixed a memory leak with ESEARCH command handling
- Quota warnings could have been executed at incorrect times with some
configs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 12 2011 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.17-1
- Fixed potential crashes and other problems when parsing header names
  that contained NUL characters
- IMAP: Fixed a memory leak with ESEARCH command handling
- Quota warnings could have been executed at incorrect times with some configs
* Wed Nov 10 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.16-1
- imap: Fixed SELECT QRESYNC not to crash on mailbox close if a lot
  of changes were being sent.
- pop3: Fixed a potential hang
- mbox: Creating new mailboxes should base permissions on mail root
  dir, not always use 0600.
- auth: Disable auth caching entirely for master users.
* Mon Oct 25 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.15-2
- do not use dotlocking by default for deliver too (#629020)
* Tue Oct  5 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.15-1
- updated to dovecot 1.2.15, sieve 0.1.18, managesieve 0.11.12
- acl: Fixed the logic of merging multiple ACL entries
- acl: Don't give admin rights to all owner mailboxes
- Maildir: Fixed potential "Duplicate file entry" in dovecot-uidlist 
  file errors.
- Maildir: Avoid unnecessary uidlist recreation during mail delivery.
* Wed Aug 25 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.14-1
- updated to dovecot 1.2.14
- virtual mailboxes: Added support for IDLE notifications.
- master: Don't crash on config reload when using dict processes.
- IMAP: QRESYNC parameters for SELECT weren't handled correctly.
* Fri Aug 20 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.13-2
- imap: Don't crash with QRESYNC SELECT specifying sequences larger 
  than mailbox's message count (#625207)
* Tue Jul 27 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.13-1
- updated to dovecot 1.2.13
- Fixed iconv() crash when it was processing several kilobytes of
  broken continuous input
- If MIME encoded-words contained line feeds, Dovecot logged
  cache corruption errors.
- mbox: Renaming mailbox under newly created dir didn't move index directory.
* Mon Jun 21 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.12-1
- updated to dovecot 1.2.12
- deliver: Don't crash when a message with Auto-submitted: header gets
rejected
- lib-storage: Fixed header searches to work correctly when there are
  multiple headers with same name.
- dict client: Disconnect from dict server after 1 second of idling.
- dict: If process crashed, it wasn't automatically restarted
- dict file: If dict file's group permissions equal world permissions,
  don't try to change its gid.
- maildir: Fixed a memory leak when copying with hardlinks.
- maildir: Expunging last messages may have assert-crashed if their
  filenames had just changed.
- sieve updated to 0.1.17
- Fixed a few potential memory leaks in the Sieve compiler and the
  spam/virustest extensions.
- Made command line tools return proper exit status upon failure.
* Mon May 31 2010 Michal Hlavinka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:1.2.11-4
- build with Solr full text search support (#595933)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #706286 - CVE-2011-1929 dovecot: potential crash when parsing
header names that contain NUL characters
        https://bugzilla.redhat.com/show_bug.cgi?id=706286
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce