Red Hat Bugzilla – Bug 572268
CVE-2010-0745 Dovecot: DoS (excessive CPU use) by processing email message with huge header
Last modified: 2010-04-03 12:21:03 EDT
Dovecot upstream has released latest v1.2.11 version:
addressing one denial of service issue (from upstream announcement):
"mbox users really should upgrade, because by sending a message with a
huge header you could basically cause a DoS (this problem exists only
with v1.2.x, not with v1.0 or v1.1)."
This issue did NOT affect the versions of the dovecot package,
as shipped with Red Hat Enteprise Linux 4 and 5.
This issue is scheduled to be addressed within following versions
of the dovecot package, as shipped with Fedora:
1, dovecot-1.2.11-1.fc11 for Fedora 11
2, dovecot-1.2.11-1.fc12 for Fedora 12
dovecot 1.2.11 is stable in F11 - F13.
This is CVE-2010-0745.