Linux Security
Linux Security
Linux Security

Debian: New dovecot packages fix directory traversal

Date 28 May 2006
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1080-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                                 Steve Kemp
May 29th, 2006                
- --------------------------------------------------------------------------

Package        : dovecot
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-2414

A problem has been discovered in the IMAP component of Dovecot, a
secure mail server that supports mbox and maildir mailboxes, which can
lead to information disclosure via directory traversal by
authenticated users.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.99.14-1sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 1.0beta8-1.

We recommend that you upgrade your dovecot-imapd package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      760 5365f712ee15d1c3b825af2ef95f583e
      Size/MD5 checksum:    26557 e30859421db7ebe8478dacb02110f3f0
      Size/MD5 checksum:   871285 a12e26fd378a46c31ec3a81ab7b55b5b

  Architecture independent components:
      Size/MD5 checksum:     7516 b6813e75e60e5094ac114fcc198d2ea2

  Alpha architecture:
      Size/MD5 checksum:   283796 06751f47fe61b4f9fd410cd055288be2
      Size/MD5 checksum:   364838 e6e564cf60e92b4bd12f5209f56ed4c1
      Size/MD5 checksum:   331290 e6bf35a49d23636b53378e996ce9c1d2

  AMD64 architecture:
      Size/MD5 checksum:   258846 990b811364af83c3223e6a733fb6856b
      Size/MD5 checksum:   311520 642e17490997baa93857b282c4b13f7a
      Size/MD5 checksum:   285308 6ea57ba9b419b77964812a93f959b98c

  ARM architecture:
      Size/MD5 checksum:   244796 64574178089a5c8ee75912adbe0aaf33
      Size/MD5 checksum:   289624 5d4b172a52f4f23d9702348d03b35ff3
      Size/MD5 checksum:   265496 3284fc52fd054f5545e8327cc0d39e7a

  Intel IA-32 architecture:
      Size/MD5 checksum:   245230 ba2e1bccd3d12180c2ec50d41102dde7
      Size/MD5 checksum:   292656 00c0245e231a07bc05104c2b3113951b
      Size/MD5 checksum:   268158 9c061cc01ca82178530b6c47aad1120c

  Intel IA-64 architecture:
      Size/MD5 checksum:   308824 fab290d2d317aa96a0111129214cf05e
      Size/MD5 checksum:   429626 287f26ebef5de68a0867ef38fcba4aa0
      Size/MD5 checksum:   389276 f4cc53876bae4f3780eeb89465700c8f

  HP Precision architecture:
      Size/MD5 checksum:   263982 2fefd32583dfff8410dbe14bc32c9771
      Size/MD5 checksum:   329758 1375b56509aee5b605ef3a290469d43c
      Size/MD5 checksum:   301158 504332dbc815999c61b48d3eac4fb7a3

  Motorola 680x0 architecture:
      Size/MD5 checksum:   234130 a45c037148354769c27892781267485a
      Size/MD5 checksum:   265658 a37e2a5eaa09a604dda421fafbd26b0c
      Size/MD5 checksum:   243988 648469b9fdc01db53d142388b8cc2455

  Big endian MIPS architecture:
      Size/MD5 checksum:   266612 709081de9bbd89abf7e604415c084336
      Size/MD5 checksum:   335312 cd3c144f32e7e2f8b051c4038729d0db
      Size/MD5 checksum:   306346 324926cc8cd59c1752c28a5a5e3c82f0

  Little endian MIPS architecture:
      Size/MD5 checksum:   266570 cf6172ff278d730828743d8d5c225c30
      Size/MD5 checksum:   335318 48895c1e7d38310df3438b06c0bd0255
      Size/MD5 checksum:   306390 0ad05fa2956bf634ab4ee5cb644f6776

  PowerPC architecture:
      Size/MD5 checksum:   256774 4545dd863436ac5725b98dbfec1cd25e
      Size/MD5 checksum:   313862 2df352eced7aff6eda4e6e516b94c402
      Size/MD5 checksum:   286772 06b25b73ede373b9b9bda930dc4afef9

  IBM S/390 architecture:
      Size/MD5 checksum:   265964 9b18cdf5194db5a614e98c1a2e14f176
      Size/MD5 checksum:   325310 a732511d63ed64239df43d09c0cd1afd
      Size/MD5 checksum:   297864 ebcf6c73b0b94f6b9fee1c85a04f4824

  Sun Sparc architecture:
      Size/MD5 checksum:   244540 87bb459d4c1eb6ed335dd57fee3fed0c
      Size/MD5 checksum:   291136 5abab794ab7a53e83190a38a7185e648
      Size/MD5 checksum:   266018 c63b900e49e4769200aef6db7b6bccf0

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.