[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for dovecot

Marco Nenciarini uploaded new packages for dovecot which fix the
following security problem:


  Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of
  certain directories at installation time, which allows local users to
  access arbitrary user accounts by replacing the auth socket, related
  to the parent directories of the base_dir directory, and possibly the
  base_dir directory itself.

For the lenny-backports distribution the problems have been fixed in
version 1:1.2.8-1~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install dovecot-common
dovecot-imapd dovecot-pop3d" with the packagelist of your installed
packages affected by this update.

[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new
versions of installed  backports will be installed automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200

Reply to: