Описание
ELSA-2020-4763: dovecot security update (MODERATE)
[1:2.3.8-4]
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
[1:2.3.8-3]
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines leads to use-after-free (#1840357)
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart leads to DoS (#1840356)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
dovecot
2.3.8-4.el8
dovecot-devel
2.3.8-4.el8
dovecot-mysql
2.3.8-4.el8
dovecot-pgsql
2.3.8-4.el8
dovecot-pigeonhole
2.3.8-4.el8
Oracle Linux x86_64
dovecot
2.3.8-4.el8
dovecot-devel
2.3.8-4.el8
dovecot-mysql
2.3.8-4.el8
dovecot-pgsql
2.3.8-4.el8
dovecot-pigeonhole
2.3.8-4.el8
Связанные CVE
Связанные уязвимости
CVSS3: 5.3
ubuntu
больше 5 лет назад
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
CVSS3: 5.3
redhat
больше 5 лет назад
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.