Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Gentoo: GLSA-200803-25 Normal: Dovecot Info Disclosure and Injection

gentoo
Calendar Grey March 18, 2008
Dist Gentoo Esm H88
Dovecot on Gentoo presents two vulnerabilities that lead to unauthorized data access and command injection. Users are advised to apply the latest updates.
Two vulnerabilities in Dovecot allow for information disclosure and argument injection.

Summary

Gentoo Linux Security Advisory GLSA 200803-25 https://security.gentoo.org/ Severity: Normal Title: Dovecot: Multiple vulnerabilities Date: March 18, 2008 Bugs: #212336, #213030 ID: 200803-25

Synopsis ======= Two vulnerabilities in Dovecot allow for information disclosure and argument injection.
Background ========= Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail server.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/dovecot < 1.0.13-r1 >= 1.0.13-r1
========== Dovecot uses the group configured via the "mail_extra_groups" setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo information disclosure mail server dovecot normal severity argument injection

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo information disclosure mail server dovecot normal severity argument injection

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here