=========================================================== Ubuntu Security Notice USN-387-1 November 28, 2006 dovecot vulnerability CVE-2006-5973 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: dovecot-common 1.0.beta3-3ubuntu5.4 Ubuntu 6.10: dovecot-common 1.0.rc2-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmap_disable=yes" were vulnerable. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.1.diff.gz Size/MD5: 472729 09b338e6892e572e2e9d91ec22a5f05e http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2-1ubuntu2.1.dsc Size/MD5: 900 da748b07fc335d054629a3cb1446a63e http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.rc2.orig.tar.gz Size/MD5: 1257435 e27a248b2ee224e4618aa2f020150041 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_amd64.deb Size/MD5: 936252 52c327408a863459f9fcb2a42039bffc http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_amd64.deb Size/MD5: 386922 0811212d24e3f5f4d8460f2b3627b443 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_amd64.deb Size/MD5: 353150 a7f7601e4552eff649aeda9f7ef49350 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_i386.deb Size/MD5: 833658 e8185521fb7cf53f1c78ccd95f6f9eef http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_i386.deb Size/MD5: 354136 d89074a01b639a0403394895c47efac4 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_i386.deb Size/MD5: 323488 9d248269d8a33944a06d619affd62e28 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_powerpc.deb Size/MD5: 924944 9bda9397cc41f6e515d474d1f335d49c http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_powerpc.deb Size/MD5: 385242 cc72e58c0d04d0271c8b7cc8a303fc77 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_powerpc.deb Size/MD5: 351952 2bef7431d4c0861d9edd30119bed79f0 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.rc2-1ubuntu2.1_sparc.deb Size/MD5: 820430 e28f7336281cdd54c556b9c9ba011819 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.rc2-1ubuntu2.1_sparc.deb Size/MD5: 347692 e162121eefe72311585b90c3c6718124 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.rc2-1ubuntu2.1_sparc.deb Size/MD5: 316844 4f5ad0b8d5e671a406649676888791db Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.4.diff.gz Size/MD5: 468953 1518e1cadad0e69bb1e18c77a8a2a06e http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3-3ubuntu5.4.dsc Size/MD5: 867 f46814c20c38efc63d212d05714461d1 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_1.0.beta3.orig.tar.gz Size/MD5: 1360574 5418f9f7fe99e4f10bb82d9fe504138a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_amd64.deb Size/MD5: 962792 193171868a6d8c3c9908b68d7a58c14a http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_amd64.deb Size/MD5: 532830 762026328217e82db42fe6ddb98bfc2b http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_amd64.deb Size/MD5: 500920 2f42ee2f548bc1defc33ed4b15b06315 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_i386.deb Size/MD5: 838756 deaa721cec3ccdcec72787e6fac539dc http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_i386.deb Size/MD5: 486042 22d3b5160b983dae1217c1cf19a6f9bc http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_i386.deb Size/MD5: 456818 b3209b05b1650d878954debe4868531b powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_powerpc.deb Size/MD5: 940686 efe340e32c9834dc455e8a2482fdacb3 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_powerpc.deb Size/MD5: 526556 864fd3fff50a9eb90f70b9db021515f4 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_powerpc.deb Size/MD5: 494276 622cf9cc8104add8e865391b7f73be0c sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-common_1.0.beta3-3ubuntu5.4_sparc.deb Size/MD5: 855364 6876997d628b53ec054552687e5ab6c2 http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-imapd_1.0.beta3-3ubuntu5.4_sparc.deb Size/MD5: 492036 818b124ffe5d635e7639271b51d11f4b http://security.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot-pop3d_1.0.beta3-3ubuntu5.4_sparc.deb Size/MD5: 462198 2eea31b7278678dd215fa85b2cd0dcf8