Описание
ELSA-2013-0520: dovecot security and bug fix update (LOW)
[1:2.0.9-5]
- script-login did not drop privileges correctly (#709095)
- fix directory traversal due to not obeying chroot directive (#709097)
- check proxy destination host against SSL certificate name (#754980)
[1:2.0.9-4]
- dovecot may not set correct premissions for mail folder (#697620)
[1:2.0.9-3]
- fix potential crash when parsing header names that contain NUL characters (#728673)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
dovecot
2.0.9-5.el6
dovecot-devel
2.0.9-5.el6
dovecot-mysql
2.0.9-5.el6
dovecot-pgsql
2.0.9-5.el6
dovecot-pigeonhole
2.0.9-5.el6
Oracle Linux i686
dovecot
2.0.9-5.el6
dovecot-devel
2.0.9-5.el6
dovecot-mysql
2.0.9-5.el6
dovecot-pgsql
2.0.9-5.el6
dovecot-pigeonhole
2.0.9-5.el6
Связанные CVE
Связанные уязвимости
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.