[SECURITY] Fedora 16 Update: dovecot-2.0.21-4.fc16

updates at fedoraproject.org
Sat Jan 5 06:59:16 UTC 2013


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-19752
2012-12-05 06:29:58
--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 16
Version     : 2.0.21
Release     : 4.fc16
URL         : http://www.dovecot.org/
Summary     : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

- do not crash during mail search (CVE-2012-5620)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  4 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.21-4
- do not crash during mail search (CVE-2012-5620)
* Mon Nov 12 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.21-3
- fix network still not ready race condition (#871623)
* Fri Nov  2 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.21-2
- add reload command to service file
* Tue Jul  3 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.21-1
- dovecot updated to 2.0.21
- imap-login: Memory leak fixed
- imap: Non-UTF8 input on SEARCH command parameters could have crashed
- auth: Fixed crash with DIGEST-MD5 when attempting to do master user
  login without master passdbs.
- sdbox: Don't use more fds than necessary when copying mails.
- mdbox kept the user's storage locked a bit longer than it needed to
* Tue Apr 10 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.20-1
- dovecot updated to 2.0.20
- doveadm import didn't import messages' flags
- Make sure IMAP clients can't create directories when accessing
  nonexistent users' mailboxes via shared namespace.
- Dovecot auth clients authenticating via TCP socket could have failed
  with bogus "PID already in use" errors.
* Fri Mar 16 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.19-1
- dovecot updated to 2.0.19, pigeonhole updated to 0.2.6
- IMAP: ENABLE CONDSTORE/QRESYNC + STATUS for a mailbox might not
  have seen latest external changes to it, like new mails.
- imap_id_* settings were ignored before login.
- doveadm altmove did too much work sometimes, retrying moves it had already done.
- mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
* Mon Feb 13 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.18-1
- dovecot updated to 2.0.18
- LDA/LMTP: Sending a large mail via submission_host or via LMTP proxy
  may have caused a hang.
- fixed dbox + mail_attachment_dir + zlib problems.
- login processes weren't logging all intended messages with auth_verbose=yes
- IMAP: THREAD REFS sometimes returned invalid (0) nodes.
- IMAP: CONTEXT search return option wasn't handled at all.
- dbox: Various error handling fixes.
* Mon Jan  9 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.17-1
- dovecot updated to 2.0.17, pigeonhole updated to 0.2.5
- Fixed memory leaks in login processes with SSL connections
- vpopmail support was broken in v2.0.16
* Fri Dec  2 2011 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.16-2
- call systemd reload in postun
* Mon Nov 21 2011 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.16-1
- dovecot updated to 2.0.16
* Mon Oct 24 2011 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.15-2
- do not use obsolete settings in default configuration (#743444)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883060 - CVE-2012-5620 dovecot: DoS when handling a search for multiple keywords
        https://bugzilla.redhat.com/show_bug.cgi?id=883060
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dovecot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------