Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0900-1

Опубликовано: 08 апр. 2019
Источник: suse-cvrf

Описание

Security update for dovecot22

This update for dovecot22 fixes the following issues:

Security issues fixed:

  • CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116).
  • CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022).

Other issue fixed:

  • Fixed handling of command continuation(bsc#1111789)

Список пакетов

SUSE Enterprise Storage 4
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server 12 SP1-LTSS
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server 12 SP2-BCL
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server 12 SP2-LTSS
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server 12 SP3
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server 12 SP4
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server 12-LTSS
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2
SUSE Linux Enterprise Software Development Kit 12 SP3
dovecot22-devel-2.2.31-19.14.2
SUSE Linux Enterprise Software Development Kit 12 SP4
dovecot22-devel-2.2.31-19.14.2
SUSE OpenStack Cloud 7
dovecot22-2.2.31-19.14.2
dovecot22-backend-mysql-2.2.31-19.14.2
dovecot22-backend-pgsql-2.2.31-19.14.2
dovecot22-backend-sqlite-2.2.31-19.14.2

Ссылки

Описание

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Затронутые продукты
SUSE Enterprise Storage 4:dovecot22-2.2.31-19.14.2
SUSE Enterprise Storage 4:dovecot22-backend-mysql-2.2.31-19.14.2
SUSE Enterprise Storage 4:dovecot22-backend-pgsql-2.2.31-19.14.2
SUSE Enterprise Storage 4:dovecot22-backend-sqlite-2.2.31-19.14.2
Ссылки

Описание

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

Затронутые продукты
SUSE Enterprise Storage 4:dovecot22-2.2.31-19.14.2
SUSE Enterprise Storage 4:dovecot22-backend-mysql-2.2.31-19.14.2
SUSE Enterprise Storage 4:dovecot22-backend-pgsql-2.2.31-19.14.2
SUSE Enterprise Storage 4:dovecot22-backend-sqlite-2.2.31-19.14.2
Ссылки