Enhancement Advisory dovecot enhancement update

Advisory: RHEA-2008:0718-4
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2008-07-24
Last updated on: 2008-07-24
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A

Details

An updated dovecot package that adds enhancements is now available.

Dovecot is an IMAP server for Linux and UNIX® operating systems, written
with security in mind.

This updated package adds the following enhancements:

* in the previous package, Dovecot was unable to recognize the SSHA digest.
This may have caused authentication problems if Dovecot was configured to
authenticate against an LDAP directory that used the SSHA digest. An
"Unknown password scheme SSHA" error may have occurred. In this updated
package, support for the SSHA digest has been added.

* the "ssl_cipher_list" option has been backported. This option is
configured in "dovecot.conf", and can be configured to prevent SSL and TLS
from allowing low encryption cipher-negotiations.

Users of dovecot are advised to upgrade to this updated package, which
adds these enhancements.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
dovecot-0.99.11-9.EL4.src.rpm     89753dbf98dc321e8a7699d9fbb2be7c
 
IA-32:
dovecot-0.99.11-9.EL4.i386.rpm     a50772fe0b27514522fa8771a155df7c
 
x86_64:
dovecot-0.99.11-9.EL4.x86_64.rpm     d473d9b084876beea279fea5daed575a
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
dovecot-0.99.11-9.EL4.src.rpm     89753dbf98dc321e8a7699d9fbb2be7c
 
IA-32:
dovecot-0.99.11-9.EL4.i386.rpm     a50772fe0b27514522fa8771a155df7c
 
IA-64:
dovecot-0.99.11-9.EL4.ia64.rpm     dd6946fbff8795ec03ddde9e93b676b3
 
PPC:
dovecot-0.99.11-9.EL4.ppc.rpm     e48211e0d6b4224500f3e4afc1bfa410
 
s390:
dovecot-0.99.11-9.EL4.s390.rpm     21a057f44fb2f24c0a2fdb031b9b5730
 
s390x:
dovecot-0.99.11-9.EL4.s390x.rpm     d4fb82e17f1830ce916c5b17eaa92e78
 
x86_64:
dovecot-0.99.11-9.EL4.x86_64.rpm     d473d9b084876beea279fea5daed575a
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
dovecot-0.99.11-9.EL4.src.rpm     89753dbf98dc321e8a7699d9fbb2be7c
 
IA-32:
dovecot-0.99.11-9.EL4.i386.rpm     a50772fe0b27514522fa8771a155df7c
 
IA-64:
dovecot-0.99.11-9.EL4.ia64.rpm     dd6946fbff8795ec03ddde9e93b676b3
 
x86_64:
dovecot-0.99.11-9.EL4.x86_64.rpm     d473d9b084876beea279fea5daed575a
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
dovecot-0.99.11-9.EL4.src.rpm     89753dbf98dc321e8a7699d9fbb2be7c
 
IA-32:
dovecot-0.99.11-9.EL4.i386.rpm     a50772fe0b27514522fa8771a155df7c
 
IA-64:
dovecot-0.99.11-9.EL4.ia64.rpm     dd6946fbff8795ec03ddde9e93b676b3
 
x86_64:
dovecot-0.99.11-9.EL4.x86_64.rpm     d473d9b084876beea279fea5daed575a
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

205331 - Dovecot doesn't recognise SSHA digest


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/