Summary
The remote host is missing updates announced in
advisory GLSA 201110-04.
Solution
All Dovecot 1 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.2.17'
All Dovecot 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/dovecot-2.0.13'
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no
longer affected by this issue.
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-04 http://bugs.gentoo.org/show_bug.cgi?id=286844
http://bugs.gentoo.org/show_bug.cgi?id=293954
http://bugs.gentoo.org/show_bug.cgi?id=314533
http://bugs.gentoo.org/show_bug.cgi?id=368653
Insight
Multiple vulnerabilities were found in Dovecot, the worst of which allowing for remote execution of arbitrary code.
Severity
Classification
-
CVE CVE-2009-3235, CVE-2009-3897, CVE-2010-0745, CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779, CVE-2010-3780, CVE-2011-1929, CVE-2011-2166, CVE-2011-2167 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities