Ubuntu Security Notice 3258-2 - USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Various other issues were also addressed.
aeb7eb5a4c7e0c1d570d72040645a8653b06cc2f415273328b2ef5fddc33d78f
==========================================================================
Ubuntu Security Notice USN-3258-2
April 11, 2017
dovecot regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
USN-3258-1 introduced a regression in Dovecot.
Software Description:
- dovecot: IMAP and POP3 email server
Details:
USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation
revealed that only Dovecot versions 2.2.26 and newer were affected by the
vulnerability. Additionally, the change introduced a regression when Dovecot
was configured to use the "dict" authentication database. This update reverts
the change. We apologize for the inconvenience.
Original advisory details:
It was discovered that Dovecot incorrectly handled some usernames. An attacker
could possibly use this issue to cause Dovecot to hang or crash, resulting in a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
dovecot-core 1:2.2.24-1ubuntu1.3
Ubuntu 16.04 LTS:
dovecot-core 1:2.2.22-1ubuntu2.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3258-2
http://www.ubuntu.com/usn/usn-3258-1
CVE-2017-2669
Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.24-1ubuntu1.3
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.4
--y0ulUmNC+osPPQO6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJY7TREAAoJENaSAD2qAscKORUQAMLW1NzXA0tEc1ibk3vNvn98
Si8Aw3blnSmLWIZSxfBWQV2XtuElM0wP/NJf8KkK8Ze4uu87txokxbw30KWJJ1Ye
Sy91MXStuVuaZe8oxyF3Y6BrqZU/M0eQwICyxaxa3VBDo/Xf0E/VGXUxQNLNHTWp
e2W+EbZsbqr1KTXGcY/6syKP/E4IrR4btJ3ndyzdo+LKpHg5GWObpf5Y4RsNZlWr
yIycv7mCWSVKacd1m8dPJlppStJ9X4SzRdo+ZosEOhb9h35tEELSfNUhneDyGLA5
c4wkCbejG27zdfXtQJAX96fuRSsdD+srtnQedIluGs4rfFQwNB924bHHJo0rwrU/
5To+VNcHgcYwOYi7ypoKO66fUI8kMbOKOk5nrLNyrwdlQnVBFAxxPjKCoBfFKJzW
arKYtXohr0aHKzNc5rhbfqabGSb4O+J4gZBVNH2Y2SBcVmsKESuR1BU8/d84aoSQ
/GLVFEWouh8lTRW7l00UZOgOLXTQjHpe7ifObspQG27yI8xZBlBt14lYRVVv/7uf
5tDCdUv3z7q2bmNIOuSbeysL9KRGHCgrJtlkAqrYgt+RZtYYTOWtvn9K7QS37qHN
I14Z7NsE038rpPhaWeAFJiMiQ0MxKrP1jMsNo1ADzvWjLf9GF9Q2nOe6gkX+9cKy
t9XIcldVQU+DL1ymvxgE
=sr4r
-----END PGP SIGNATURE-----
--y0ulUmNC+osPPQO6--