Description
ELSA-2019-3467: dovecot security and bug fix update (MODERATE)
[1:2.2.36-10]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes (#1741788)
[1:2.2.36-9]
- reset errno before iterating through users (#1630410)
[1:2.2.36-8]
- fix CVE-2019-3814: improper certificate validation (#1674370)
[1:2.2.36-7]
- do not print error message when restorecon is not present during install (#1626395)
- change default config to use minimal UID = 1000 (#1630410)
[1:2.2.36-6]
- use OpenSSL implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
dovecot             2.2.36-10.el8
dovecot-devel       2.2.36-10.el8
dovecot-mysql       2.2.36-10.el8
dovecot-pgsql       2.2.36-10.el8
dovecot-pigeonhole  2.2.36-10.el8
Oracle Linux x86_64
dovecot             2.2.36-10.el8
dovecot-devel       2.2.36-10.el8
dovecot-mysql       2.2.36-10.el8
dovecot-pgsql       2.2.36-10.el8
dovecot-pigeonhole  2.2.36-10.el8
Related CVEs
Related vulnerabilities
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 in ...