Описание
Security update for dovecot22
This update for dovecot22 fixes the following issues:
- CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405).
Список пакетов
HPE Helion OpenStack 8
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Enterprise Storage 5
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server 12 SP2-BCL
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server 12 SP2-LTSS
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server 12 SP3-BCL
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server 12 SP3-LTSS
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server 12 SP4-LTSS
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server 12 SP5
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE Linux Enterprise Software Development Kit 12 SP5
dovecot22-devel-2.2.31-19.25.1
SUSE OpenStack Cloud 7
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE OpenStack Cloud 8
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE OpenStack Cloud 9
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE OpenStack Cloud Crowbar 8
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
SUSE OpenStack Cloud Crowbar 9
dovecot22-2.2.31-19.25.1
dovecot22-backend-mysql-2.2.31-19.25.1
dovecot22-backend-pgsql-2.2.31-19.25.1
dovecot22-backend-sqlite-2.2.31-19.25.1
Ссылки
- Link for SUSE-SU-2021:0018-1
- E-Mail link for SUSE-SU-2021:0018-1
- SUSE Security Ratings
- SUSE Bug 1180405
- SUSE CVE CVE-2020-24386 page
Описание
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Затронутые продукты
HPE Helion OpenStack 8:dovecot22-2.2.31-19.25.1
HPE Helion OpenStack 8:dovecot22-backend-mysql-2.2.31-19.25.1
HPE Helion OpenStack 8:dovecot22-backend-pgsql-2.2.31-19.25.1
HPE Helion OpenStack 8:dovecot22-backend-sqlite-2.2.31-19.25.1
Ссылки
- CVE-2020-24386
- SUSE Bug 1180405