Gentoo Security Advisory GLSA 201110-04 (Dovecot) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201110-04.

Solution

All Dovecot 1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.2.17' All Dovecot 2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dovecot-2.0.13' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no longer affected by this issue. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-04 http://bugs.gentoo.org/show_bug.cgi?id=286844 http://bugs.gentoo.org/show_bug.cgi?id=293954 http://bugs.gentoo.org/show_bug.cgi?id=314533 http://bugs.gentoo.org/show_bug.cgi?id=368653

Insight

Multiple vulnerabilities were found in Dovecot, the worst of which allowing for remote execution of arbitrary code.

Severity

Classification

CVE CVE-2009-3235, CVE-2009-3897, CVE-2010-0745, CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779, CVE-2010-3780, CVE-2011-1929, CVE-2011-2166, CVE-2011-2167

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities