openSUSE-SU-2019:2278-1

Опубликовано: 07 окт. 2019

Источник: suse-cvrf

Описание

Security update for dovecot23

This update for dovecot23 fixes the following issue:

CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559)
CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625).
CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

dovecot23-2.3.3-lp150.14.1

dovecot23-backend-mysql-2.3.3-lp150.14.1

dovecot23-backend-pgsql-2.3.3-lp150.14.1

dovecot23-backend-sqlite-2.3.3-lp150.14.1

dovecot23-devel-2.3.3-lp150.14.1

dovecot23-fts-2.3.3-lp150.14.1

dovecot23-fts-lucene-2.3.3-lp150.14.1

dovecot23-fts-solr-2.3.3-lp150.14.1

dovecot23-fts-squat-2.3.3-lp150.14.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ZX4AZ5LGOZTCD7HGA6Y7KWE3LMXAGVL/#4ZX4AZ5LGOZTCD7HGA6Y7KWE3LMXAGVL
E-Mail link for openSUSE-SU-2019:2278-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1133624
SUSE Bug 1133624
https://bugzilla.suse.com/1133625
SUSE Bug 1133625
https://bugzilla.suse.com/1145559
SUSE Bug 1145559
https://www.suse.com/security/cve/CVE-2019-11494/
SUSE CVE CVE-2019-11494 page
https://www.suse.com/security/cve/CVE-2019-11499/
SUSE CVE CVE-2019-11499 page
https://www.suse.com/security/cve/CVE-2019-11500/
SUSE CVE CVE-2019-11500 page

Описание

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Затронутые продукты

openSUSE Leap 15.0:dovecot23-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-mysql-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-pgsql-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-sqlite-2.3.3-lp150.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11494.html
CVE-2019-11494
https://bugzilla.suse.com/1133624
SUSE Bug 1133624
https://bugzilla.suse.com/1133625
SUSE Bug 1133625

Описание

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

Затронутые продукты

openSUSE Leap 15.0:dovecot23-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-mysql-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-pgsql-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-sqlite-2.3.3-lp150.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11499.html
CVE-2019-11499
https://bugzilla.suse.com/1133624
SUSE Bug 1133624
https://bugzilla.suse.com/1133625
SUSE Bug 1133625

Описание

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Затронутые продукты

openSUSE Leap 15.0:dovecot23-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-mysql-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-pgsql-2.3.3-lp150.14.1

openSUSE Leap 15.0:dovecot23-backend-sqlite-2.3.3-lp150.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11500.html
CVE-2019-11500
https://bugzilla.suse.com/1145559
SUSE Bug 1145559

openSUSE-SU-2019:2278-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-11494

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11499

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-11500

Описание

Затронутые продукты

Ссылки