dovecot-2.2.36-3.el7.1

エラータID: AXSA:2019-4341:02

Release date: 
Wednesday, October 16, 2019 - 09:08
Subject: 
dovecot-2.2.36-3.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Solution: 

Update packages.

CVEs: 
CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.2.36-3.el7.1.src.rpm
    MD5: e3986801c5ec726a255537c62c50c74b
    SHA-256: c73d56e3462fc8d3b7dca3dc6401a62df4f57fcf7d76b33204d16b397199989c
    Size: 7.68 MB

Asianux Server 7 for x86_64
  1. dovecot-2.2.36-3.el7.1.x86_64.rpm
    MD5: 02c3615744cc6a72fb3cc7556711c1f5
    SHA-256: 8ca8ea120f59f3f14f20173a3e987f08443d855713cd5af4d99d0cae6f39e4a3
    Size: 4.39 MB
  2. dovecot-mysql-2.2.36-3.el7.1.x86_64.rpm
    MD5: 755f2875f661a6e440b1627d639381e4
    SHA-256: cc2f9a42f7bc754af86b9eabd2e4bd327c8ea818398521f5ce35acac9951b7dc
    Size: 65.76 kB
  3. dovecot-pgsql-2.2.36-3.el7.1.x86_64.rpm
    MD5: bb229d0c67506fba9ecf0178daf312a2
    SHA-256: 434a7ba418401ddd492ef6901c7eec7493d5e171b6292a0124d286d5a3cfcc6a
    Size: 68.66 kB
  4. dovecot-pigeonhole-2.2.36-3.el7.1.x86_64.rpm
    MD5: 96a17451281531981cb74e205c1f36ea
    SHA-256: 2d0ff7231c147093c018e2391c37bf893d5b42db2bd9b01d909fe763be957d3b
    Size: 391.25 kB
  5. dovecot-2.2.36-3.el7.1.i686.rpm
    MD5: c305dddef21632f27464c7ff6203c9a9
    SHA-256: 290790efe671ab47028c492a32f6a91918ee5bb5bf3eff7c5a7514cdd62c7c27
    Size: 4.38 MB