Mandriva Linux Security Advisory 2011-101

Posted May 26, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-101 - lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service via a crafted e-mail message.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1929
SHA-256 | 35441f3acca0c62584cc4ccaf85769dcc37fed324a8a8c976f3e8c4d50eeaf10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:101
http://www.mandriva.com/security/
_______________________________________________________________________

Package : dovecot
Date : May 26, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been identified and fixed in dovecot:

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and
2.0.x before 2.0.13 does not properly handle '\0' (NUL) characters
in header names, which allows remote attackers to cause a denial of
service (daemon crash or mailbox corruption) via a crafted e-mail
message (CVE-2011-1929).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
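
The following is an added example, not code from Mandriva or the Dovecot project: a check that can run before delivery, on hosts that cannot be patched immediately, to flag messages whose header names contain a NUL byte, the malformed input described above. The function names and the sample message are constructed for illustration.

```python
import re

# RFC 5322 field-name: printable US-ASCII (33-126) except ':' (58).
VALID_NAME = re.compile(rb"[\x21-\x39\x3b-\x7e]+")

def header_block(raw: bytes) -> bytes:
    """Return the header section: everything before the first empty line."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw[:m.start()] if m else raw

def suspicious_header_names(raw: bytes):
    """Return [(line_no, name_bytes, reason)] for malformed header names."""
    findings = []
    for n, line in enumerate(re.split(rb"\r?\n", header_block(raw)), 1):
        if not line or line[:1] in (b" ", b"\t"):
            continue  # folded continuation line: belongs to a value
        if n == 1 and line.startswith(b"From "):
            continue  # mbox separator line, not a header
        name, sep, _ = line.partition(b":")
        if b"\x00" in name:
            findings.append((n, name, "NUL in header name"))
        elif not sep:
            findings.append((n, name, "missing colon"))
        elif not VALID_NAME.fullmatch(name.rstrip(b" \t")):
            findings.append((n, name, "invalid byte in header name"))
    return findings

# Constructed sample: line 4 has a NUL inside the header name; line 5 has
# a NUL only in the value, and the body is never scanned.
SAMPLE = (b"From: a@example.org\r\n"
          b"Subject: hello\r\n"
          b"\tfolded part\r\n"
          b"X-Te\x00st: value\r\n"
          b"X-Ok: has \x00 in value only\r\n"
          b"\r\n"
          b"X\x00Y: this is body text\r\n")

if __name__ == "__main__":
    for line_no, name, reason in suspicious_header_names(SAMPLE):
        print(f"line {line_no}: {reason}: {name!r}")
```
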
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1929
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN3e9VmqjQ0CJFipgRAjwfAJ95TzNOzqcOHVs9I3gIj1PqbuH6+gCfaxLM
TC22GorN3moiTA4Ska8YOLU=
=2Q1M
-----END PGP SIGNATURE-----
