bh: doc/www/src/security kolab-vendor-notice-08.txt,1.2,1.3
cvs at intevation.de
Fri Jan 13 20:35:12 CET 2006
Author: bh
Update of /kolabrepository/doc/www/src/security
In directory doto:/tmp/cvs-serv17716/www/src/security
Modified Files:
kolab-vendor-notice-08.txt
Log Message:
sign the security notice
Index: kolab-vendor-notice-08.txt
===================================================================
RCS file: /kolabrepository/doc/www/src/security/kolab-vendor-notice-08.txt,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- kolab-vendor-notice-08.txt 12 Jan 2006 21:05:28 -0000 1.2
+++ kolab-vendor-notice-08.txt 13 Jan 2006 19:35:10 -0000 1.3
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
Kolab Security Issue 08 20060113
================================
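Review bot: The clearsign header added at the top of this hunk puts the signature envelope inside kolab-vendor-notice-08.txt itself, the same file later commits will edit. Any later change to the body, including whitespace, makes verification fail until the notice is signed again. Consider keeping the unsigned text as the source in CVS and committing the signature as a separate detached file, or document that every edit to this file must be followed by a re-sign. The `Hash: SHA1` line also records the digest used; if the signing key allows a stronger digest, prefer it for future notices.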
@@ -10,7 +13,7 @@
Details
--------
+- -------
With the default configuration of the Kolab server, when a client
connects to port 465 for secure SMTP and tries to authenticate itself
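Review bot: The underline beneath `Details` becomes `- -------` because clearsigning dash-escapes any line that starts with a dash, so readers of the raw .txt see the escaped form under every section heading (the Affected Versions, Fixes and Timeline hunks show the same change). Underlining the section headings with a character that is not escaped, for example `=` as the title line already uses, would keep the published text identical before and after signing.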
@@ -22,7 +25,7 @@
You can change this with chmod and in /kolab/etc/fsl/fsl.postfix.
Affected Versions
------------------
+- -----------------
Vulnerable: Stable Kolab Servers 2.0.1 2.0.2
Untested: Kolab Server 2.0
@@ -30,7 +33,7 @@
Vulnerable: Development Kolab Servers <= pre-2.1-20051215
Fixes
------
+- -----
Upgrade to Kolab Server 2.0.3
@@ -38,9 +41,16 @@
in the master.cf.template and then run kolabconf to refresh postfix.
Timeline
---------
+- --------
2005-11-02 Issue968 was filed, assumed logging only on failure.
2005-12-19 Discovered that logging happened alway.
2006-01-04 Security implications of world readable logfile noticed.
2006-01-11 Analysis, fix and new server release with fix.
2006-01-13 Advisory published.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (GNU/Linux)
+
+iD8DBQFDyADQ0vCiU5+ISsgRAgfsAJ0bqau6XerXsXk5VIO4L0rOT+DK1ACcDY4l
+919ok7QQhuz/ntulPfNugKA=
+=vTb2
+-----END PGP SIGNATURE-----
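Review bot: The signature added at the end of this hunk covers the Timeline entry `2005-12-19 Discovered that logging happened alway.`, typo ("alway") included. Correcting it later changes the signed text and invalidates this signature, so the fix and a fresh signature need to land together in one commit. Proofreading the body before signing avoids publishing a notice that has to be re-signed for a spelling fix.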