14 DAY TRIAL // Canonical published some details yesterday about a Dovecot vulnerability in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.
The developers from Canonical have been busy these last couple of days and they've released a few updates for a number of packages, closing some vulnerabilities in the process.
According to the security notice, “It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service.”
For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest dovecot-pop3d, dovecot-imapd, and dovecot-imapd packages specific to each distribution. To apply the patch, run the Update Manager application.
If you don't want to use the Software Updater, you can do this from a terminal. Open a terminal and enter the following commands:
sudo apt-get update sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes. You won't have to restart the computer like in the case of a kernel update.