Debians sikkerhedsbulletin
DSA-1457-1 dovecot -- programmeringsfejl
- Rapporteret den:
- 9. jan 2008
- Berørte pakker:
- dovecot
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2007-6598.
- Yderligere oplysninger:
-
Man har opdaget at Dovecot, en POP3- og IMAP-server, når den blev anvendt med LDAP-autentifikation og en
base
indeholdende variabler, kunne gøre det muligt for en bruger at logge ind på en anden bruges konto med den samme adgangskode.Den gamle stabile distribution (sarge) er ikke påvirket.
I den stabile distribution (etch), er dette problem rettet i version 1.0.rc15-2etch3.
I den ustabile distribution (sid), er dette problem rettet i version 1.0.10-1.
Vi anbefaler at du opgraderer dine dovecot-pakker.
- Rettet i:
-
Debian GNU/Linux 4.0 (stable)
- Kildekode:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch2.diff.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch3.diff.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch3.dsc
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch2.dsc
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_s390.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_s390.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_s390.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.