From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5 X-Virus-Scanned: amavisd-new at X-Virus-Scanned: amavisd-new at Date: Thu, 30 Oct 2008 06:57:13 -0400 (EDT) From: seriv@parkheights.dyndns.org To: sisyphus@lists.altlinux.org Message-ID: <231270407.431225364233473.JavaMail.root@parkheights.dyndns.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [192.168.10.10] X-Mailer: Zimbra 5.0.10_GA_2609.RHEL5_64 (ZimbraWebClient - SAF3 (Mac)/5.0.10_GA_2609.RHEL5_64) Cc: ALT Linux Community , ALT Linux sysadmin discuss Subject: [sisyphus] I: dovecot-1.1.6-alt1 fix security problem in 1.1.{4, 5} version X-BeenThere: sisyphus@lists.altlinux.org X-Mailman-Version: 2.1.10b3 Precedence: list Reply-To: ALT Linux Sisyphus discussions List-Id: ALT Linux Sisyphus discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2008 10:57:23 -0000 Archived-At: List-Archive: List-Post: =D0=92=D1=81=D0=B5=D0=BC =D0=BF=D1=80=D0=B8=D0=B2=D0=B5=D1=82! =D0=92 =D1=81=D0=B8=D0=B7=D0=B8=D1=84 =D0=BD=D0=B0=D0=BF=D1=80=D0=B0=D0=B2= =D0=BB=D0=B5=D0=BD =D0=B8 =D0=BF=D1=80=D0=BE=D1=88=D1=91=D0=BB =D1=81=D0=B1= =D0=BE=D1=80=D0=BA=D1=83 =D0=B2 incoming =D0=BF=D0=B0=D0=BA=D0=B5=D1=82 dov= ecot-1.1.6-alt1. =D0=92 =D0=BD=D1=91=D0=BC =D0=B8=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5= =D0=BD=D0=B0 =D0=BF=D0=BE=D1=8F=D0=B2=D0=B8=D0=B2=D1=88=D0=B0=D1=8F=D1=81= =D1=8F =D0=B2 1.1.4 =D0=BE=D1=88=D0=B8=D0=B1=D0=BA=D0=B0 =D0=B2 =D0=BE=D0= =B1=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D0=BA=D0=B5 =D0=BD=D0=B5=D0=BF=D1=80=D0= =B0=D0=B2=D0=B8=D0=BB=D1=8C=D0=BD=D0=BE =D1=81=D1=84=D0=BE=D1=80=D0=BC=D0= =B8=D1=80=D0=BE=D0=B2=D0=B0=D0=BD=D0=BD=D0=BE=D0=B3=D0=BE =D0=B0=D0=B4=D1= =80=D0=B5=D1=81=D0=B0 =D1=81=D0=BE=D0=BE=D0=B1=D1=89=D0=B5=D0=BD=D0=B8=D1= =8F. =D0=9A=D0=B0=D0=BA =D0=BF=D0=B8=D1=88=D0=B5=D1=82 =D0=A2=D0=B8=D0=BC=D0=BE,= =D1=8D=D1=82=D0=BE =D0=B8=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD= =D0=B8=D0=B5 =D0=B2=D0=B0=D0=B6=D0=BD=D0=BE, =D1=82=D0=B0=D0=BA =D0=BA=D0= =B0=D0=BA =D1=83=D0=B4=D0=B0=D0=BB=D1=91=D0=BD=D0=BD=D1=8B=D0=B9 =D0=BF=D0= =BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C =D0=BC=D0= =BE=D0=B3 =D0=BF=D0=BE=D1=81=D0=BB=D0=B0=D1=82=D1=8C =D0=BF=D0=B8=D1=81=D1= =8C=D0=BC=D0=BE =D1=81 =D0=BF=D0=BE=D0=BB=D0=B5=D0=BC, =D0=BD=D0=B0=D0=BF= =D1=80=D0=B8=D0=BC=D0=B5=D1=80, "From: (", =D0=B8 =D1=8D=D1=82=D0=BE =D0=BF= =D1=80=D0=B8=D0=B2=D0=B5=D0=BB=D0=BE =D0=B1=D1=8B =D0=BA =D0=BF=D0=BE=D0=BB= =D0=BD=D0=BE=D0=B9 =D0=B1=D0=BB=D0=BE=D0=BA=D0=B8=D1=80=D0=BE=D0=B2=D0=BA= =D0=B5 =D0=BF=D0=BE=D1=87=D1=82=D0=BE=D0=B2=D0=BE=D0=B3=D0=BE =D1=8F=D1=89= =D0=B8=D0=BA=D0=B0 =D1=81=D0=BE=D0=B4=D0=B5=D1=80=D0=B6=D0=B0=D1=89=D0=B5= =D0=B3=D0=BE =D1=8D=D1=82=D0=BE =D0=BF=D0=B8=D1=81=D1=8C=D0=BC=D0=BE, =D1= =82=D0=B0=D0=BA =D0=BA=D0=B0=D0=BA =D0=BF=D1=80=D0=B8 =D0=BA=D0=B0=D0=B6=D0= =B4=D0=BE=D0=BC =D0=BE=D0=B1=D1=80=D0=B0=D1=89=D0=B5=D0=BD=D0=B8=D0=B8 =D0= =BA =D0=BD=D0=B5=D0=BC=D1=83 =D0=BF=D1=80=D0=BE=D1=86=D0=B5=D1=81=D1=81 =D0= =B1=D1=8B =D0=B7=D0=B0=D0=B2=D0=B5=D1=80=D1=88=D0=B0=D0=BB=D1=81=D1=8F =D0= =B0=D0=B2=D0=B0=D1=80=D0=B8=D0=B9=D0=BD=D0=BE. =D0=AD=D1=82=D0=BE =D0=B1=D1= =8B=D0=BB=D0=BE =D0=B2=D0=BE=D0=B7=D0=BC=D0=BE=D0=B6=D0=BD=D0=BE =D1=82=D0= =BE=D0=BB=D1=8C=D0=BA=D0=BE =D0=BF=D1=80=D0=B8 =D1=83=D1=81=D0=BB=D0=BE=D0= =B2=D0=B8=D0=B8 =D1=87=D1=82=D0=BE =D0=BF=D0=BE=D1=87=D1=82=D0=BE=D0=B2=D1= =8B=D0=B9 =D0=BA=D0=BB=D0=B8=D0=B5=D0=BD=D1=82 =D0=B8=D1=81=D0=BF=D0=BE=D0= =BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D0=BB "FETCH ENVELOPE" =D0=BA=D0=BE=D0=BC= =D0=B0=D0=BD=D0=B4=D1=83, =D0=B8 =D1=82=D0=BE=D0=BB=D1=8C=D0=BA=D0=BE =D0= =B2 =D0=B2=D0=B5=D1=80=D1=81=D0=B8=D1=8F=D1=85 1.1.4 =D0=B8 1.1.5 =D0=92=D1=81=D0=B5=D0=BC =D0=BA=D1=82=D0=BE =D0=B8=D1=81=D0=BF=D0=BE=D0=BB= =D1=8C=D0=B7=D1=83=D0=B5=D1=82 =D0=B2=D0=B5=D1=80=D1=81=D0=B8=D1=8E dovecot= -1.1.4-alt1 =D1=80=D0=B5=D0=BA=D0=BE=D0=BC=D0=B5=D0=BD=D0=B4=D1=83=D0=B5=D1= =82=D1=81=D1=8F =D0=BE=D0=B1=D1=80=D0=BE=D0=B2=D0=B8=D1=82=D1=8C=D1=81=D1= =8F. --=20 =D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9 ----- "Timo Sirainen" wrote: > http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz > http://dovecot.org/releases/1.1/dovecot-1.1.6.tar.gz.sig >=20 > The invalid message address parsing bug is pretty important since it > allows a remote user to send broken mail headers and prevent the > recipient from accessing the mailbox afterwards, because the process > will always just crash trying to parse the header. This is assuming > that > the IMAP client uses FETCH ENVELOPE command, not all do. Note that it > doesn't affect versions older than v1.1.4. >=20 > =09+ dovecot -n and -a now prints some system information at the top. > =09+ More error/debug message logging improvements. > =09- pop3-login: Fixed assert-crash if a client sent > USER+PASS+USER+PASS > =09 commands in the same IP packet. > =09- Parsing an invalid message address like "From: (" caused an > =09 assert-crash in v1.1.4 and v1.1.5. > =09- Folding whitespace wasn't handled correctly inside quoted-strings, > =09 causing some messages to be parsed incorrectly. > =09- mbox: Fixed saving messages that begin with a valid From_-line. >=20 >=20 > _______________________________________________ > Dovecot-news mailing list > Dovecot-news@dovecot.org > http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news