Test ID:	1.3.6.1.4.1.25623.1.0.62965
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200812-16 (dovecot)
Summary:	The remote host is missing updates announced in;advisory GLSA 200812-16.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200812-16. Vulnerability Insight: Multiple vulnerabilities were found in the Dovecot mailserver. Solution: All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-mail/dovecot-1.1.7-r1' Users should be aware that dovecot.conf will still be world-readable after the update. If employing ssl_key_password, it should not be used in dovecot.conf but in a separate file which should be included with 'include_try'. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4577 31587 http://www.securityfocus.com/bid/31587 32164 http://secunia.com/advisories/32164 32471 http://secunia.com/advisories/32471 33149 http://secunia.com/advisories/33149 33624 http://secunia.com/advisories/33624 36904 http://secunia.com/advisories/36904 ADV-2008-2745 http://www.vupen.com/english/advisories/2008/2745 FEDORA-2008-9202 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00816.html FEDORA-2008-9232 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00844.html GLSA-200812-16 http://security.gentoo.org/glsa/glsa-200812-16.xml MDVSA-2008:232 http://www.mandriva.com/security/advisories?name=MDVSA-2008:232 RHSA-2009:0205 http://www.redhat.com/support/errata/RHSA-2009-0205.html SUSE-SR:2009:004 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html USN-838-1 http://www.ubuntu.com/usn/USN-838-1 [Dovecot-news] 20081005 v1.1.4 released http://www.dovecot.org/list/dovecot-news/2008-October/000085.html http://bugs.gentoo.org/show_bug.cgi?id=240409 oval:org.mitre.oval:def:10376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10376 Common Vulnerability Exposure (CVE) ID: CVE-2008-4578 20081119 Re: [ MDVSA-2008:232 ] dovecot http://www.securityfocus.com/archive/1/498498/100/0/threaded dovecot-acl-mailbox-security-bypass(45669) https://exchange.xforce.ibmcloud.com/vulnerabilities/45669 Common Vulnerability Exposure (CVE) ID: CVE-2008-4870 http://www.openwall.com/lists/oss-security/2008/10/29/10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10776 XForce ISS Database: dovecot-dovecot-information-disclosure(46323) https://exchange.xforce.ibmcloud.com/vulnerabilities/46323 Common Vulnerability Exposure (CVE) ID: CVE-2008-4907 BugTraq ID: 31997 http://www.securityfocus.com/bid/31997 http://www.dovecot.org/list/dovecot-news/2008-October/000089.html http://secunia.com/advisories/32479 http://secunia.com/advisories/32677 http://www.ubuntu.com/usn/usn-666-1 XForce ISS Database: dovecot-mail-header-dos(46227) https://exchange.xforce.ibmcloud.com/vulnerabilities/46227
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.