=========================================================== 
Ubuntu Security Notice USN-567-1           January 10, 2008
dovecot vulnerability
CVE-2007-6598
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  dovecot-imapd                   1.0.rc17-1ubuntu2.2
  dovecot-pop3d                   1.0.rc17-1ubuntu2.2

Ubuntu 7.10:
  dovecot-imapd                   1:1.0.5-1ubuntu2.1
  dovecot-pop3d                   1:1.0.5-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that in very rare configurations using LDAP, Dovecot may
reuse cached connections for users with the same password.  As a result,
a user may be able to login as another if the connection is reused.
The default Ubuntu configuration of Dovecot was not vulnerable.


Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:   101513 3a05fe3f2bdcd39c32e0a650b61c9b18
          Size/MD5:     1100 89b4ea9a138396356ce51947d4a958b8
          Size/MD5:  1512386 881bcc7d2c8fba6d337f3e616a602bf7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  1274744 7c4aea65aa4b2c8360ca296e4c7dd11b
          Size/MD5:   586662 3a4c663dd70057ff8a559512880f88b5
          Size/MD5:   552404 d3c2ce0c2eb3aa58f8b17dad3fc4ee8f

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  1164784 517cb8721acce093e3435565a2163a0e
          Size/MD5:   554298 eb6fbeeeee1889303647318298ad5150
          Size/MD5:   521626 a82bae1bb6e26289a91166bc77f1a23b

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  1291322 a4df46fd2fac7456d425bf66b5862188
          Size/MD5:   591040 a27429b620664c82ada26d6cbfafcbc5
          Size/MD5:   556188 16c2bdae0d14a402644c8c58439fa75c

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  1158252 875a51f7b4ee7c81ada93481e2fc7487
          Size/MD5:   549596 75f43e94538ed72b7342b3ed00ba6005
          Size/MD5:   517136 7a6bc0cd8bbf73514d54624431e8c1b3

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:   107642 9e04e08b57194364c8248332817049e3
          Size/MD5:     1115 0e95044d51301ec964cf96bda69f1a0a
          Size/MD5:  1775898 94b7d29cf44f63f89d538361afa05c40

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  1814690 3c1b2d9247c7f246eb8c59b9d04a4362
          Size/MD5:   654514 7140315d855e7fab6d796be4166514a4
          Size/MD5:   617618 8c73c94bd43e89da32a0549c0c4218b6

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  1672926 1b323221b09fca189b471079f1ee5612
          Size/MD5:   621486 fa8977d8a945022fcdcf460d25d57141
          Size/MD5:   588164 df780cc94e95fabf7793139ed8ca4c1e

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  1831950 d79e9f2cd81daab0eb7ae642d0444a0e
          Size/MD5:   656610 941223abf4f45c00434ff50a1323efad
          Size/MD5:   621772 c4557afdeac4488718e3e4cd7d66aed6

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  1666806 8dc28e714f31d687a1283f888f8b6301
          Size/MD5:   618418 f7f5afcaf0de5164b0f1189dabb7761d
          Size/MD5:   585178 fdb2b1bfc470ed595671596656d1e12c


Ubuntu: Dovecot vulnerability

January 10, 2008
It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-567-1 January 10, 2008

Package Information

Related News