Fedora 26: Addressing Dovecot Security Advisory for DoS Threat

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security

primarily in mind. It also contains a small POP3 server. It supports mail

in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum

individual mail size that can be saved. + imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's

necessary. + imapc: Add imapc_connection_retry_count and

imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add

(deinit) to process title before autoexpunging runs. + Added %{encrypt} and

%{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human-readable string. + imap/pop3-login: All forward_* extra fields returned by

passdb are sent to the next hop when proxying using ID/XCLIENT commands. On

the receiving side these fields are imported and sent to auth process

where they're accessible via %{passdb:forward_*}. This is done only if the

sending IP address matches login_trusted_networks. + imap-login: If

imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id}

expands to it in auth process. The ID string is also sent to the next hop

when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation.

- fts-tika: Fixed crash when parsing attachment without Content-Disposition

header. Broken by 2.2.28. - trash plugin was broken in 2.2.28 - auth: When

passdb/userdb lookups were done via auth-workers, too much data was added to

auth cache. This could have resulted in wrong replies when using multiple

passdbs/userdbs. - auth: passdb { skip & mechanisms } were ignored for the

first passdb - oauth2: Various fixes, including fixes to crashes - dsync:

Large Sieve scripts (or other large metadata) weren't always synced. - Index

rebuild (e.g. doveadm force-resync) set all mails as \Recent - imap-hibernate:

%{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't

preserved when proxying commands via doveadm-server. Almost all errors used

exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated

mailboxes. - Fixed a potential crash when parsing a broken message header. -cassandra: Fallback consistency settings weren't working correctly. - doveadm

director status : "Initial config" was always empty - imapc: Various

reconnection fixes.

[ 1 ] Bug #1441457 - CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was used for authentication [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1441457

su -c 'dnf upgrade dovecot' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org