Multiple vulnerabilities were found in Dovecot, the worst of which allowing for remote execution of arbitrary code.
|Package||net-mail/dovecot on all architectures|
|Affected versions||< 2.0.13|
|Unaffected versions||revision >= 1.2.17
Dovecot is an IMAP and POP3 server written with security primarily in mind.
Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details.
A remote attacker could exploit these vulnerabilities to cause the remote execution of arbitrary code, or a Denial of Service condition, to conduct directory traversal attacks, corrupt data, or disclose information.
There is no known workaround at this time.
All Dovecot 1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.2.17"
All Dovecot 2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.0.13"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no longer affected by this issue.