Jump to content

Advisories MDVSA-2010:196: dovecot


paul
 Share

Recommended Posts

A vulnerability was discovered and corrected in dovecot:

 

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot

1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,

allow context-dependent attackers to cause a denial of service

(crash) and possibly execute arbitrary code via a crafted SIEVE

script, as demonstrated by forwarding an e-mail message to a large

number of recipients, a different vulnerability than CVE-2009-2632

(CVE-2009-3235).

 

Packages for 2009.1 were missing with the previous MDVSA-2009:242

update. This update corrects this.

 

This update provides a solution to this vulnerability.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...