Описание
ELSA-2009-0205: dovecot security and bug fix update (LOW)
[1.0.7-7]
- permissions of deliver and dovecot.conf from 1.0.7-5 reverted
- password can be stored in different file readable only for root now
- Resolves: #436287, CVE-2008-4870
[1.0.7-6]
- added missing directory in file list
- Resolves: #436287
[1.0.7-5]
- change permissions of deliver and dovecot.conf to prevent possible password ex posure
- Resolves: #436287
[1.0.7-4]
- fix handling of negative rights in the ACL plugin
- Resolves: #469015, CVE-2008-4577
[1.0.7-3]
- fix package ownership for /etc/pki/dovecot/private (#448089)
- update init script (#238016)
- ask for SSL cert password during start-up (#436287)
- fix for illegal characters in passwd (#439369)
- Resolves: #448089, #238016, #436287, #439369
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
dovecot
1.0.7-7.el5
Oracle Linux x86_64
dovecot
1.0.7-7.el5
Oracle Linux i386
dovecot
1.0.7-7.el5
Связанные CVE
Связанные уязвимости
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.