LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2011-81 (dovecot)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2011-81] Dovecot: man-in-the-middle attack 


Date:
    	      Tue, 21 Jun 2011 16:06:02 +0300


Message-ID:
    	      <201106211606.02702.meltem@pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-81            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-06-03
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been  found  in  Dovecot,  which  can  be  used  by 
man-in-the-middle attackers to spoof arbitrary SSL servers. 


Description
===========

CVE-2011-1094: 

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1  does  not 
properly verify that the server hostname matches the domain name of the 
subject  of an  X.509  certificate,  which  allows   man-in-the-middle  
attackers to spoof arbitrary SSL servers via a certificate issued by  a 
legitimate Certification Authority  for  an  IP  address,  a  different 
vulnerability than CVE-2009-2702. 



Affected packages:

  Pardus 2009:
    dovecot, all before 1.1.18-23-4


Resolution
==========

There are update(s) for dovecot. You can update them via Package Manager
or with a single command from console: 

    pisi up dovecot

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18171

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds