dovecot-2.0.9-22.AXS4.1

エラータID: AXSA:2019-4315:01

Release date: 
Wednesday, September 25, 2019 - 07:48
Subject: 
dovecot-2.0.9-22.AXS4.1
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Solution: 

Update packages.

CVEs: 
CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.0.9-22.AXS4.1.src.rpm
    MD5: 7336483add739e7ec8b4cec97d68f7cb
    SHA-256: ff6a2cdfc9541d68747dc23a082ec95c429d114a3282d027b28e76b8c99ad1f0
    Size: 4.27 MB

Asianux Server 4 for x86
  1. dovecot-2.0.9-22.AXS4.1.i686.rpm
    MD5: 1f666e6aac7b7997ce9edf7db538370e
    SHA-256: 2300dc536f0240c443854558120b0b5a819ce8966c6e67ce645182e62e8ad547
    Size: 1.93 MB
  2. dovecot-mysql-2.0.9-22.AXS4.1.i686.rpm
    MD5: f89753a96216c8c08090d356983d50f4
    SHA-256: 9f156b89688a8e94e475c85191da9f19a57d59f685473b5584686bfd6e112e70
    Size: 39.97 kB
  3. dovecot-pgsql-2.0.9-22.AXS4.1.i686.rpm
    MD5: 66f1d793582e66211c79e63cd7a72558
    SHA-256: de92b929254e9b04244c218314f45a05e6022a8c9c2aa95ad2259285a45c7196
    Size: 42.38 kB
  4. dovecot-pigeonhole-2.0.9-22.AXS4.1.i686.rpm
    MD5: 6eaeda77d36329f75359f6cc8d8383f4
    SHA-256: c99fc215e6e3b4d1ef88c1a289d630d9aa08af47596bd0c81f52a68f3c7ce9fc
    Size: 100.03 kB

Asianux Server 4 for x86_64
  1. dovecot-2.0.9-22.AXS4.1.x86_64.rpm
    MD5: b96ef0c3ce2c4007e20c1fe69c21f680
    SHA-256: 08cbbfc7392b3b2109386ed6f8875a90c9877bb7082abe6d25c02de29697a335
    Size: 1.91 MB
  2. dovecot-mysql-2.0.9-22.AXS4.1.x86_64.rpm
    MD5: a9833591f4d6664d1b664109b0cdf391
    SHA-256: 2e630090b32a59986471cd5fe073e9f594e1213bf94ca0acb19b20360368d4e0
    Size: 39.64 kB
  3. dovecot-pgsql-2.0.9-22.AXS4.1.x86_64.rpm
    MD5: c960a282b4e270ca773be1515ab9bcd6
    SHA-256: cc3086109a0ad6aa6f2318c6c6d4891be7190683c1cb21b5e89e725c838e9d3b
    Size: 42.04 kB
  4. dovecot-pigeonhole-2.0.9-22.AXS4.1.x86_64.rpm
    MD5: 4815d312d28ef6968ae2f0ef6dd674e7
    SHA-256: 869149bbcd1e15a65edbbb0fa095b2edb3015408999d1a2f9e4589697d6654d1
    Size: 99.55 kB
  5. dovecot-2.0.9-22.AXS4.1.i686.rpm
    MD5: 1f666e6aac7b7997ce9edf7db538370e
    SHA-256: 2300dc536f0240c443854558120b0b5a819ce8966c6e67ce645182e62e8ad547
    Size: 1.93 MB