Mandriva Update For Dovecot MDVSA-2011:101 (dovecot) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been identified and fixed in dovecot: lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle &amp #039 \0&amp #039 (NUL) characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message (CVE-2011-1929). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php\?cPath=149\&amp amp products_id=490 The updated packages have been patched to correct this issue.

Affected

dovecot on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-1929
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:125 (wireshark)
Mandrake Security Advisory MDVSA-2009:054 (nagios)
Mandrake Security Advisory MDVSA-2009:186 (firebird)
Mandrake Security Advisory MDVSA-2009:037 (bind)

Mandriva Update for dovecot MDVSA-2011:101 (dovecot)

Take action and discover your vulnerabilities