_______________________________________________________________________
Package : dovecot
Date : September 22, 2009
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in dovecot:
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3235
_______________________________________________________________________