[Dovecot] v2.0.13 problems after kernel patch for CVE-2011-1083 applied on Centos 5

Timo Sirainen tss at iki.fi
Sat Feb 25 08:49:10 EET 2012


On 25.2.2012, at 8.32, Doug Henderson wrote:

>>> [8irgehuq] CVE-2011-1083: Algorithmic denial of service in epoll.
>>> 
>>> After ksplice automatically installed the above patch on our mail servers, most/all IMAP/POP3 connections began experiencing time-outs trying to connect, or extreme timeouts in the auth procedure.
>> 
>> I'd guess this patch is already in new Linux kernel versions, so other people should have seen any problems caused by it?
> 
> Actually, it was only released a couple of days ago (2/21) by redhat for EL 5.8
> see: https://rhn.redhat.com/errata/RHSA-2012-0150.html

Yes, but CVE-2011-1083 shows it was reported almost a year ago, so I'd think it was fixed in upstream kernel a long time ago. I'm running in my desktop about 2 months old kernel (from git) and I don't see any problems with it. But yeah, maybe Redhat's patches did it differently than upstream kernel and it broke because of that..



More information about the dovecot mailing list