Multiple vulnerabilities were found in Dovecot, the worst of which allowing for remote execution of arbitrary code.
Package | net-mail/dovecot on all architectures |
---|---|
Affected versions | < 2.0.13 |
Unaffected versions | revision >= 1.2.17 >= 2.0.13 |
Dovecot is an IMAP and POP3 server written with security primarily in mind.
Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details.
A remote attacker could exploit these vulnerabilities to cause the remote execution of arbitrary code, or a Denial of Service condition, to conduct directory traversal attacks, corrupt data, or disclose information.
There is no known workaround at this time.
All Dovecot 1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/dovecot-1.2.17"
All Dovecot 2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.0.13"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 28, 2011. It is likely that your system is already no longer affected by this issue.