[Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on CentOS 5

Morten Stevens mstevens at imt-systems.com
Sat Feb 25 13:15:49 EET 2012


On 25.02.2012 07:32, Doug Henderson wrote:
> On Feb 24, 2012, at 4:39 PM, Timo Sirainen wrote:
>
>> On 25.2.2012, at 0.49, Doug Henderson wrote:
>>
>>> [8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.
>>>
>>> After ksplice automatically installed the above patch on our mail 
>>> servers, most/all IMAP/POP3 connections began experiencing time-outs 
>>> trying to connect, or extreme timeouts in the auth procedure.
>>
>> I'd guess this patch is already in new Linux kernel versions, so 
>> other people should have seen any problems caused by it?
>
> Actually, it was only released a couple of days ago (2/21) by Red Hat
> for EL 5.8
> see: https://rhn.redhat.com/errata/RHSA-2012-0150.html
>
> "A flaw was found in the way the Linux kernel's Event Poll (epoll)
> subsystem handled large, nested epoll structures. A local, unprivileged
> user could use this flaw to cause a denial of service. (CVE-2011-1083,
> Moderate)"
>
> Our automated patching (ksplice) installed it at around 10am PST today.
>
> Other distributions may vary.

Try it without ksplice. (yum update and reboot)

Which kernel is running exactly?

Best regards,

Morten

