Security Advisory Moderate: dovecot security and enhancement update

Advisory: RHSA-2011:0600-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-05-19
Last updated on: 2011-05-19
Affected Products: Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-3707, CVE-2010-3780

Details

Updated dovecot packages that fix two security issues and add one
enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems,
primarily written with security in mind.

A flaw was found in the way Dovecot handled SIGCHLD signals. If a large
number of IMAP or POP3 session disconnects caused the Dovecot master
process to receive these signals rapidly, it could cause the master process
to crash. (CVE-2010-3780)

A flaw was found in the way Dovecot processed multiple Access Control Lists
(ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the
more specific ACL entry, possibly resulting in more access being granted to
the user than intended. (CVE-2010-3707)

This update also adds the following enhancement:

* This erratum upgrades Dovecot to upstream version 2.0.9, providing
multiple fixes for the "dsync" utility and improving overall performance.
Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing
this update for further information about the changes. (BZ#637056)

Users of dovecot are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement. After installing the updated
packages, the dovecot service will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
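
To confirm that a host carries the fixed build after the update, the following added example (not part of the Red Hat advisory) compares an installed dovecot version-release string against 2.0.9-2.el6. The function names are hypothetical; it assumes GNU "sort -V" as an approximation of RPM's version ordering and ignores the package epoch.

```shell
#!/bin/sh
# Added example, not part of the advisory. Fixed build taken from the page.
FIXED_VERSION="2.0.9"
FIXED_RELEASE="2.el6"

# ver_ge A B: succeeds when A sorts at or after B under GNU "sort -V".
# Assumption: "sort -V" approximates RPM's ordering for these strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# dovecot_is_fixed VERSION-RELEASE
# Returns 0 = fixed build or newer, 1 = older build, 2 = unparsable input.
# The epoch is ignored (assumed equal across the builds being compared).
dovecot_is_fixed() {
    case $1 in
        *-*) ;;
        *) return 2 ;;
    esac
    version=${1%%-*}
    release=${1#*-}
    if [ "$version" = "$FIXED_VERSION" ]; then
        ver_ge "$release" "$FIXED_RELEASE"
    else
        ver_ge "$version" "$FIXED_VERSION"
    fi
}

# check_host: query the local RPM database and report the result.
check_host() {
    out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' dovecot 2>/dev/null) || {
        echo "dovecot is not installed"; return 0; }
    # Several architectures may be installed; they share one version-release.
    installed=$(printf '%s\n' "$out" | head -n 1)
    if dovecot_is_fixed "$installed"; then
        echo "dovecot $installed: at or above $FIXED_VERSION-$FIXED_RELEASE"
    else
        echo "dovecot $installed: older than $FIXED_VERSION-$FIXED_RELEASE"
        return 1
    fi
}

# Run the live check only where rpm exists.
if command -v rpm >/dev/null 2>&1; then check_host; fi
```

A plain string comparison would rank 2.0.10 below 2.0.9, which is why the comparison goes through a version-aware sort.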

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
dovecot-2.0.9-2.el6.src.rpm
File outdated by:  RHBA-2013:1736
 
IA-32:
dovecot-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-devel-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-mysql-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-pgsql-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
 
PPC:
dovecot-2.0.9-2.el6.ppc.rpm
File outdated by:  RHBA-2013:1736
dovecot-2.0.9-2.el6.ppc64.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.ppc.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
File outdated by:  RHBA-2013:1736
dovecot-devel-2.0.9-2.el6.ppc64.rpm
File outdated by:  RHBA-2013:1736
dovecot-mysql-2.0.9-2.el6.ppc64.rpm
File outdated by:  RHBA-2013:1736
dovecot-pgsql-2.0.9-2.el6.ppc64.rpm
File outdated by:  RHBA-2013:1736
dovecot-pigeonhole-2.0.9-2.el6.ppc64.rpm
File outdated by:  RHBA-2013:1736
 
s390x:
dovecot-2.0.9-2.el6.s390.rpm
File outdated by:  RHBA-2013:1736
dovecot-2.0.9-2.el6.s390x.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.s390.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
File outdated by:  RHBA-2013:1736
dovecot-devel-2.0.9-2.el6.s390x.rpm
File outdated by:  RHBA-2013:1736
dovecot-mysql-2.0.9-2.el6.s390x.rpm
File outdated by:  RHBA-2013:1736
dovecot-pgsql-2.0.9-2.el6.s390x.rpm
File outdated by:  RHBA-2013:1736
dovecot-pigeonhole-2.0.9-2.el6.s390x.rpm
File outdated by:  RHBA-2013:1736
 
x86_64:
dovecot-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-devel-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
dovecot-2.0.9-2.el6.src.rpm
File outdated by:  RHBA-2013:1736
 
IA-32:
dovecot-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-devel-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-mysql-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-pgsql-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
 
x86_64:
dovecot-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
File outdated by:  RHBA-2013:1736
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-devel-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm
File outdated by:  RHBA-2013:1736
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

637056 - rebase dovecot to 2.0 final
640410 - CVE-2010-3707 Dovecot: Failed to properly update ACL cache, when multiple rules defined rights for one subject
641276 - CVE-2010-3780 Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/