openSUSE Security Update: dovecot20 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0219-1 Rating: moderate References: #732050 Cross-References: CVE-2011-4318 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: In proxy mode dovecot did not verify that the SSL certificate of the remote actually matched the server name. Dovecot was updated to version 2.0.16 which fixes the problem. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch dovecot20-5546 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 2.0.16]: dovecot20-2.0.16-0.2.1 dovecot20-backend-mysql-2.0.16-0.2.1 dovecot20-backend-pgsql-2.0.16-0.2.1 dovecot20-backend-sqlite-2.0.16-0.2.1 dovecot20-devel-2.0.16-0.2.1 dovecot20-fts-solr-2.0.16-0.2.1 References: http://support.novell.com/security/cve/CVE-2011-4318.html https://bugzilla.novell.com/732050