dovecot security update

2011-08-19T08:26:31
ID CESA-2011:1187
Type centos
Reporter CentOS Project
Modified 2011-09-22T06:00:29

Description

CentOS Errata and Security Advisory CESA-2011:1187

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind.

A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox. (CVE-2011-1929)

Users of dovecot are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the dovecot service will be restarted automatically.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2011-August/017700.html http://lists.centos.org/pipermail/centos-announce/2011-August/017701.html http://lists.centos.org/pipermail/centos-announce/2011-September/017807.html http://lists.centos.org/pipermail/centos-announce/2011-September/017808.html http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000198.html http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000199.html

Affected packages: dovecot

Upstream details at: https://rhn.redhat.com/errata/RHSA-2011-1187.html