Summary
The remote host is missing updates announced in advisory GLSA 200812-16.
Solution
All Dovecot users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.1.7-r1'
Note that dovecot.conf will still be world-readable after the update. If you use ssl_key_password, do not set it in dovecot.conf; put it in a separate file and include that file with 'include_try'.
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-16
http://bugs.gentoo.org/show_bug.cgi?id=240409
http://bugs.gentoo.org/show_bug.cgi?id=244962
http://bugs.gentoo.org/show_bug.cgi?id=245316
Insight
Multiple vulnerabilities were found in the Dovecot mailserver.
Severity
Classification
CVE: CVE-2008-4577, CVE-2008-4578, CVE-2008-4870, CVE-2008-4907
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N