ELSA-2009-0205

ELSA-2009-0205 - dovecot security and bug fix update

Type:SECURITY
Severity:LOW
Release Date:2009-01-27

Description


[1.0.7-7]
- permissions of deliver and dovecot.conf from 1.0.7-5 reverted
- password can be stored in different file readable only for root now
- Resolves: #436287, CVE-2008-4870

[1.0.7-6]
- added missing directory in file list
- Resolves: #436287

[1.0.7-5]
- change permissions of deliver and dovecot.conf to prevent possible password ex
posure
- Resolves: #436287

[1.0.7-4]
- fix handling of negative rights in the ACL plugin
- Resolves: #469015, CVE-2008-4577

[1.0.7-3]
- fix package ownership for /etc/pki/dovecot/private (#448089)
- update init script (#238016)
- ask for SSL cert password during start-up (#436287)
- fix for illegal characters in passwd (#439369)
- Resolves: #448089, #238016, #436287, #439369


Related CVEs


CVE-2008-4577
CVE-2008-4870

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) dovecot-1.0.7-7.el5.src.rpmf4a961fe297de41f0a926f81c0506cb9ELEA-2014-1898
dovecot-1.0.7-7.el5.i386.rpmddaab3899b9256c950b9caa46f0b8320ELEA-2014-1898
Oracle Linux 5 (ia64) dovecot-1.0.7-7.el5.src.rpmf4a961fe297de41f0a926f81c0506cb9ELEA-2014-1898
dovecot-1.0.7-7.el5.ia64.rpm75d5f9e58f592acb90cc8681e1e22a97ELEA-2014-1898
Oracle Linux 5 (x86_64) dovecot-1.0.7-7.el5.src.rpmf4a961fe297de41f0a926f81c0506cb9ELEA-2014-1898
dovecot-1.0.7-7.el5.x86_64.rpmfdfc729517952ed13bac0224f456fe72ELEA-2014-1898



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete