Описание
ELSA-2011-0600: dovecot security and enhancement update (MODERATE)
[2.0.9-2]
- fix issues and assert crashes found in 2.0.9 (lmtp,dotlock,zlib)
[2.0.9-1]
- dovecot updated to 2.0.9
- fixed a high system CPU usage / high context switch count performance problem
- lda: Fixed a crash when trying to send 'out of quota' reply
[2.0.8-1]
- dovecot updated to 2.0.8 (fixes #654226), pigeonhole updated to 0.2.2
- IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of changes w ere being sent.
- Fixed leaking fds when writing to dovecot.mailbox.log.
- Fixed rare dovecot.index.cache corruption
- zlib: Fixed several crashes, which mainly showed up with mbox.
- acl: Fixed crashing when sometimes listing shared mailboxes via dict proxy.
- mdbox: Fixed potential assert-crash when saving multiple messages in one transaction
- dsync: a lot of fixes
- fixed lda + sieve crash
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dovecot
2.0.9-2.el6
dovecot-devel
2.0.9-2.el6
dovecot-mysql
2.0.9-2.el6
dovecot-pgsql
2.0.9-2.el6
dovecot-pigeonhole
2.0.9-2.el6
Oracle Linux i686
dovecot
2.0.9-2.el6
dovecot-devel
2.0.9-2.el6
dovecot-mysql
2.0.9-2.el6
dovecot-pgsql
2.0.9-2.el6
dovecot-pigeonhole
2.0.9-2.el6
Связанные CVE
Связанные уязвимости
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.