Description
ELSA-2019-2836: dovecot security update (IMPORTANT)
[1:2.2.36-3.1]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes (#1751383)
Updated packages
Oracle Linux 7
Oracle Linux aarch64
dovecot 2.2.36-3.el7_7.1
dovecot-devel 2.2.36-3.el7_7.1
dovecot-mysql 2.2.36-3.el7_7.1
dovecot-pgsql 2.2.36-3.el7_7.1
dovecot-pigeonhole 2.2.36-3.el7_7.1
Oracle Linux x86_64
dovecot 2.2.36-3.el7_7.1
dovecot-devel 2.2.36-3.el7_7.1
dovecot-mysql 2.2.36-3.el7_7.1
dovecot-pgsql 2.2.36-3.el7_7.1
dovecot-pigeonhole 2.2.36-3.el7_7.1
Related CVEs
Related vulnerabilities
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.