Description
Security update for dovecot23
This update for dovecot23 to 2.3.10 fixes the following issues:
Security issues fixed:
- CVE-2020-10957: Fixed a crash caused by malformed NOOP commands (bsc#1171457).
- CVE-2020-10958: Fixed a use-after-free when receiving too many newlines (bsc#1171458).
- CVE-2020-10967: Fixed a crash in the lmtp and submission components caused by mails with empty quoted localparts (bsc#1171456).
Non-security issues fixed:
- The update to 2.3.10 fixes several bugs. Please refer to https://dovecot.org/doc/NEWS for a complete list of changes.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:0720-1
- SUSE Security Ratings
- SUSE Bug 1171456
- SUSE Bug 1171457
- SUSE Bug 1171458
- SUSE CVE CVE-2020-10957 page
- SUSE CVE CVE-2020-10958 page
- SUSE CVE CVE-2020-10967 page
Description
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Affected products
References
- CVE-2020-10957
- SUSE Bug 1171457
Description
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
Affected products
References
- CVE-2020-10958
- SUSE Bug 1171458
Description
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Affected products
References
- CVE-2020-10967
- SUSE Bug 1171456