Bulletin d'alerte Debian
DSA-1892-1 dovecot -- Dépassement de tampon
- Date du rapport :
- 23 septembre 2009
- Paquets concernés :
- dovecot
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le système de suivi des bogues Debian : Bogue 546656.
Dans le dictionnaire CVE du Mitre : CVE-2009-2632, CVE-2009-3235. - Plus de précisions :
-
Le composant SIEVE de Dovecot, un serveur de messagerie qui gère les boîtes aux lettres aux formats mbox et maildir, est vulnérable à un dépassement de tampon lors du traitement des scripts SIEVE. Cela peut être utilisé pour augmenter ses droits au niveau de l'utilisateur système dovecot. Un attaquant pouvant installer des scripts SIEVE exécutés par le serveur est par conséquent capable de lire et modifier des messages arbitraires sur le système.
Pour la distribution oldstable (Etch), ce problème a été corrigé dans la version 1.0.rc15-2etch5.
Pour la distribution stable (Lenny), ce problème a été corrigé dans la version 1:1.0.15-2.3+lenny1.
Pour la distribution testing (Squeeze) et la distribution unstable (Sid), ce problème a été corrigé dans la version 1:1.2.1-1.
Nous vous recommandons de mettre à jour vos paquets dovecot.
- Corrigé dans :
-
Debian GNU/Linux 4.0 (etch)
- Source :
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch5.diff.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch5.dsc
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_ia64.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_s390.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_s390.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_s390.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_s390.deb
Debian GNU/Linux 5.0 (lenny)
- Source :
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15.orig.tar.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.dsc
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.dsc
- Alpha:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_armel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.