Описание
ELSA-2008-0297: dovecot security and bug fix update (LOW)
[1.0.7-2]
- LDAP+auth cache user login mixup (CVE-2007-6598, #427575)
- insecure mail_extra_groups option (CVE-2008-1199, #436927)
[1.0.7-1]
- update to latest upstream, fixes a few bugs (#331441, #245249), plus two security vulnerabilities (CVE-2007-2231, CVE-2007-4211)
- increased default login_process_size to 64 (#253363)
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
dovecot
1.0.7-2.el5
Oracle Linux i386
dovecot
1.0.7-2.el5
Связанные CVE
Связанные уязвимости
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot before 1.0.10, with certain configuration options including us ...
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.