LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Dovecot vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmap_disable=yes" were vulnerable.
=========================================================== 
Ubuntu Security Notice USN-387-1          November 28, 2006
dovecot vulnerability
CVE-2006-5973
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  dovecot-common                           1.0.beta3-3ubuntu5.4

Ubuntu 6.10:
  dovecot-common                           1.0.rc2-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dovecot was discovered to have an error when handling its index cache 
files.  This error could be exploited by authenticated POP and IMAP 
users to cause a crash of the Dovecot server, or possibly to execute 
arbitrary code.  Only servers using the non-default option 
"mmap_disable=yes" were vulnerable.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.1.diff.gz
      Size/MD5:   472729 09b338e6892e572e2e9d91ec22a5f05e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.1.dsc
      Size/MD5:      900 da748b07fc335d054629a3cb1446a63e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2.orig.tar.gz
      Size/MD5:  1257435 e27a248b2ee224e4618aa2f020150041

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_amd64.deb
      Size/MD5:   936252 52c327408a863459f9fcb2a42039bffc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_amd64.deb
      Size/MD5:   386922 0811212d24e3f5f4d8460f2b3627b443
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_amd64.deb
      Size/MD5:   353150 a7f7601e4552eff649aeda9f7ef49350

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_i386.deb
      Size/MD5:   833658 e8185521fb7cf53f1c78ccd95f6f9eef
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_i386.deb
      Size/MD5:   354136 d89074a01b639a0403394895c47efac4
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_i386.deb
      Size/MD5:   323488 9d248269d8a33944a06d619affd62e28

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_powerpc.deb
      Size/MD5:   924944 9bda9397cc41f6e515d474d1f335d49c
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_powerpc.deb
      Size/MD5:   385242 cc72e58c0d04d0271c8b7cc8a303fc77
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_powerpc.deb
      Size/MD5:   351952 2bef7431d4c0861d9edd30119bed79f0

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_sparc.deb
      Size/MD5:   820430 e28f7336281cdd54c556b9c9ba011819
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_sparc.deb
      Size/MD5:   347692 e162121eefe72311585b90c3c6718124
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_sparc.deb
      Size/MD5:   316844 4f5ad0b8d5e671a406649676888791db

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.4.diff.gz
      Size/MD5:   468953 1518e1cadad0e69bb1e18c77a8a2a06e
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.4.dsc
      Size/MD5:      867 f46814c20c38efc63d212d05714461d1
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3.orig.tar.gz
      Size/MD5:  1360574 5418f9f7fe99e4f10bb82d9fe504138a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_amd64.deb
      Size/MD5:   962792 193171868a6d8c3c9908b68d7a58c14a
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_amd64.deb
      Size/MD5:   532830 762026328217e82db42fe6ddb98bfc2b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_amd64.deb
      Size/MD5:   500920 2f42ee2f548bc1defc33ed4b15b06315

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_i386.deb
      Size/MD5:   838756 deaa721cec3ccdcec72787e6fac539dc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_i386.deb
      Size/MD5:   486042 22d3b5160b983dae1217c1cf19a6f9bc
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_i386.deb
      Size/MD5:   456818 b3209b05b1650d878954debe4868531b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_powerpc.deb
      Size/MD5:   940686 efe340e32c9834dc455e8a2482fdacb3
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_powerpc.deb
      Size/MD5:   526556 864fd3fff50a9eb90f70b9db021515f4
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_powerpc.deb
      Size/MD5:   494276 622cf9cc8104add8e865391b7f73be0c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_sparc.deb
      Size/MD5:   855364 6876997d628b53ec054552687e5ab6c2
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_sparc.deb
      Size/MD5:   492036 818b124ffe5d635e7639271b51d11f4b
    http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_sparc.deb
      Size/MD5:   462198 2eea31b7278678dd215fa85b2cd0dcf8


--U+NfgObvpQT1Q9Yq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFbJ9NH/9LqRcGPm0RAjThAJ0eQNNMl3U5NyN9ENWefaEsnPsKXQCghWWs
agPmHcFqTsbYGGBelbl5cks=KeR/
-----END PGP SIGNATURE-----

--U+NfgObvpQT1Q9Yq--


--==============41019195=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============41019195==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.