You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa dovecot

Sigurnosni nedostatak programskog paketa dovecot

——————————————————————————–
Fedora Update Notification
FEDORA-2017-da4ed58fd5
2017-04-27 14:02:15.390632
——————————————————————————–

Name        : dovecot
Product     : Fedora 24
Version     : 2.2.29.1
Release     : 1.fc24
URL         : http://www.dovecot.org/
Summary     : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

——————————————————————————–
Update Information:

  + quota: Add plugin { quota_max_mail_size } setting to limit the    maximum
individual mail size that can be saved.  + imapc: Add imapc_features=delay-
login. If set, connecting to the    remote IMAP server isn’t done until it’s
necessary.  + imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.  + imap, pop3, indexer-worker: Add
(deinit) to process title before    autoexpunging runs.  + Added %{encrypt} and
%{decrypt} variables  + imap/pop3 proxy: Log proxy state in errors as human-
readable string.  + imap/pop3-login: All forward_* extra fields returned by
passdb are    sent to the next hop when proxying using ID/XCLIENT commands. On
the    receiving side these fields are imported and sent to auth process
where they’re accessible via %{passdb:forward_*}. This is done only    if the
sending IP address matches login_trusted_networks.  + imap-login: If
imap_id_retain=yes, send the IMAP ID string to    auth process. %{client_id}
expands to it in auth process. The ID    string is also sent to the next hop
when proxying.  + passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without    Content-Disposition
header. Broken by 2.2.28.  – trash plugin was broken in 2.2.28  – auth: When
passdb/userdb lookups were done via auth-workers, too much    data was added to
auth cache. This could have resulted in wrong    replies when using multiple
passdbs/userdbs.  – auth: passdb { skip & mechanisms } were ignored for the
first passdb  – oauth2: Various fixes, including fixes to crashes  – dsync:
Large Sieve scripts (or other large metadata) weren’t always    synced.  – Index
rebuild (e.g. doveadm force-resync) set all mails as \Recent  – imap-hibernate:
%{userdb:*} wasn’t expanded in mail_log_prefix  – doveadm: Exit codes weren’t
preserved when proxying commands via    doveadm-server. Almost all errors used
exit code 75 (tempfail).  – ACLs weren’t applied to not-yet-existing autocreated
mailboxes.  – Fixed a potential crash when parsing a broken message header.  –
cassandra: Fallback consistency settings weren’t working correctly.  – doveadm
director status <user>: “Initial config” was always empty  – imapc: Various
reconnection fixes.
——————————————————————————–
References:

  [ 1 ] Bug #1441457 – CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was used for authentication [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1441457
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade dovecot’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2017-6ef28e38d6
2017-04-27 00:38:46.159117
——————————————————————————–

Name : dovecot
Product : Fedora 25
Version : 2.2.29.1
Release : 1.fc25
URL : http://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

——————————————————————————–
Update Information:

+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum
individual mail size that can be saved. + imapc: Add imapc_features=delay-
login. If set, connecting to the remote IMAP server isn’t done until it’s
necessary. + imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add
(deinit) to process title before autoexpunging runs. + Added %{encrypt} and
%{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human-
readable string. + imap/pop3-login: All forward_* extra fields returned by
passdb are sent to the next hop when proxying using ID/XCLIENT commands. On
the receiving side these fields are imported and sent to auth process
where they’re accessible via %{passdb:forward_*}. This is done only if the
sending IP address matches login_trusted_networks. + imap-login: If
imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id}
expands to it in auth process. The ID string is also sent to the next hop
when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without Content-Disposition
header. Broken by 2.2.28. – trash plugin was broken in 2.2.28 – auth: When
passdb/userdb lookups were done via auth-workers, too much data was added to
auth cache. This could have resulted in wrong replies when using multiple
passdbs/userdbs. – auth: passdb { skip & mechanisms } were ignored for the
first passdb – oauth2: Various fixes, including fixes to crashes – dsync:
Large Sieve scripts (or other large metadata) weren’t always synced. – Index
rebuild (e.g. doveadm force-resync) set all mails as \Recent – imap-hibernate:
%{userdb:*} wasn’t expanded in mail_log_prefix – doveadm: Exit codes weren’t
preserved when proxying commands via doveadm-server. Almost all errors used
exit code 75 (tempfail). – ACLs weren’t applied to not-yet-existing autocreated
mailboxes. – Fixed a potential crash when parsing a broken message header. –
cassandra: Fallback consistency settings weren’t working correctly. – doveadm
director status <user>: “Initial config” was always empty – imapc: Various
reconnection fixes.
——————————————————————————–
References:

[ 1 ] Bug #1441457 – CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was used for authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1441457
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade dovecot’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa python-django

Otkriveni su sigurnosni nedostaci u programskom paketu python-django za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje XSS napada,...

Close