星球 - USN-1143-1: Dovecot vulnerability

來自:Ubuntu security notices | 2011/6/2 11:45:16

Ubuntu Security Notice USN-1143-1


1st June, 2011


dovecot vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 11.04


  • Ubuntu 10.10


  • Ubuntu 10.04 LTS





Summary


An attacker could send a crafted email message that could disrupt email
service.





Software description





  • dovecot
    - IMAP and POP3 email server











Details


It was discovered that the message header parser in Dovecot did not
properly handle '\0' characters in header names. This could allow a
remote attacker to cause a denial of service through a crafted email
message by crashing the Dovecot daemon or corrupting mailboxes.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 11.04:




dovecot-common

1:1.2.15-3ubuntu2.1





Ubuntu 10.10:




dovecot-common

1:1.2.12-1ubuntu8.2





Ubuntu 10.04 LTS:




dovecot-common

1:1.2.9-1ubuntu6.4








In general, a standard system update will make all the necessary changes.





References




CVE-2011-1929