Description
ELSA-2020-1062: dovecot security and bug fix update (MODERATE)
[1:2.2.36-6]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes (#1741787)
[1:2.2.36-5]
- fix CVE-2019-3814: improper certificate validation (#1674369)
- fix CVE-2019-7524: buffer overflow in indexer-worker process resulting in privilege escalation (#1700398)
[1:2.2.36-4]
- use portreserve to avoid port conflicts (#1270283)
Updated packages
Oracle Linux 7
Oracle Linux aarch64
dovecot 2.2.36-6.el7
dovecot-devel 2.2.36-6.el7
dovecot-mysql 2.2.36-6.el7
dovecot-pgsql 2.2.36-6.el7
dovecot-pigeonhole 2.2.36-6.el7
Oracle Linux x86_64
dovecot 2.2.36-6.el7
dovecot-devel 2.2.36-6.el7
dovecot-mysql 2.2.36-6.el7
dovecot-pgsql 2.2.36-6.el7
dovecot-pigeonhole 2.2.36-6.el7
Related CVEs
Related vulnerabilities
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.