Description
Security update for dovecot23
This update for dovecot23 fixes the following issues:
- CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559)
- CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS-secured channel. (bsc#1133625)
- CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting. (bsc#1133624)
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP1
dovecot23-2.3.3-8.1
dovecot23-backend-mysql-2.3.3-8.1
dovecot23-backend-pgsql-2.3.3-8.1
dovecot23-backend-sqlite-2.3.3-8.1
dovecot23-devel-2.3.3-8.1
dovecot23-fts-2.3.3-8.1
dovecot23-fts-lucene-2.3.3-8.1
dovecot23-fts-solr-2.3.3-8.1
dovecot23-fts-squat-2.3.3-8.1
References
- Link for SUSE-SU-2019:2514-1
- E-Mail link for SUSE-SU-2019:2514-1
- SUSE Security Ratings
- SUSE Bug 1133624
- SUSE Bug 1133625
- SUSE Bug 1145559
- SUSE CVE CVE-2019-11494 page
- SUSE CVE CVE-2019-11499 page
- SUSE CVE CVE-2019-11500 page
Description
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-mysql-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-pgsql-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-sqlite-2.3.3-8.1
References
- CVE-2019-11494
- SUSE Bug 1133624
- SUSE Bug 1133625
Description
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-mysql-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-pgsql-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-sqlite-2.3.3-8.1
References
- CVE-2019-11499
- SUSE Bug 1133624
- SUSE Bug 1133625
Description
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-mysql-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-pgsql-2.3.3-8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:dovecot23-backend-sqlite-2.3.3-8.1
References
- CVE-2019-11500
- SUSE Bug 1145559