USN-387-1: Dovecot vulnerability

28 November 2006

dovecot vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

Details

Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option “mmap_disable=yes” were vulnerable.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
dovecot-common - 1.0.rc2-1ubuntu2.1
Ubuntu 6.06 LTS
dovecot-common - 1.0.beta3-3ubuntu5.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References