http://secunia.com/advisories/54438/
Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code):
This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a non-recommended configuration with multiple clients per process.) So the only problem it caused was that Dovecot logged an assert error and maybe wrote a core dump.
Hi Timo,
Thanks for the info, the version of dovecot installed is
root@gwvmdmzmail01:~# dovecot --version 1.2.15 root@gwvmdmzmail01:~#
Whats the safest way, without loosing data or breaking the mail system is recommended to upgrade dovecot to version 2.2.5?
many thanks
~Jay
From: tss@iki.fi Date: Wed, 14 Aug 2013 13:14:17 +0300 To: dovecot@dovecot.org Subject: [Dovecot] SA54438
http://secunia.com/advisories/54438/
Since I already got 3 private mails about this, here's the same reply for everyone (actually updated, now that I looked at the code):
This was a v2.2-only bug. And it isn't really a DoS.. It only caused the one pop3 process to crash in assert, which was handling only the connection that had already disconnected. (Unless you were running a non-recommended configuration with multiple clients per process.) So the only problem it caused was that Dovecot logged an assert error and maybe wrote a core dump.
On 2013-08-14 6:48 AM, Jay Khashan jkhashan@msn.com wrote:
Whats the safest way, without loosing data or breaking the mail system is recommended to upgrade dovecot to version 2.2.5?
Follow the documented instructions?
http://wiki2.dovecot.org/Upgrading
--
Best regards,
*/Charles/*
participants (3)
-
Charles Marcus
-
Jay Khashan
-
Timo Sirainen