dovecot-2.2.36-6.el7

Errata ID: AXSA:2020-4708:01

Release date: 
Thursday, April 16, 2020 - 05:37
Subject: 
dovecot-2.2.36-6.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: Improper certificate validation (CVE-2019-3814)

* dovecot: Buffer overflow in indexer-worker process results in privilege escalation (CVE-2019-7524)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2019-3814
It was discovered that Dovecot versions before 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.2.36-6.el7.src.rpm
    MD5: 153c2f5bdda44db57315053d75d66ac9
    SHA-256: 84a32b5e8c40ec42aeabdbd61cfc06c17846d7d397951d32bd204e5e80420ce3
    Size: 7.69 MB

Asianux Server 7 for x86_64
  1. dovecot-2.2.36-6.el7.x86_64.rpm
    MD5: 3287e02cf4abfeebaae8222d4e0ce470
    SHA-256: a542996c017f9a060c5ac8ed9bd695892aa2389ef710c04317e4881f2fd4831f
    Size: 4.39 MB
  2. dovecot-mysql-2.2.36-6.el7.x86_64.rpm
    MD5: 292144e0ae3a2473918657e1e27153d7
    SHA-256: 6039a4d39d53fef3bf01a349f842e729faa237e78e9ec14f124f0c35f217345a
    Size: 66.07 kB
  3. dovecot-pgsql-2.2.36-6.el7.x86_64.rpm
    MD5: 96d7cec6c3e9a732b04a8c9f51766e0b
    SHA-256: bcb543bdeadc665bd64f908411ee5af30f908d205c53cd45e4ae75086b71868a
    Size: 68.98 kB
  4. dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm
    MD5: ba9392a79e314ff23f4f3d08541100c2
    SHA-256: 41d4fd7b6d930d41a1b13d189cc7e5e0166ad3c229947a3ed8bc34af3618e00f
    Size: 391.57 kB
  5. dovecot-2.2.36-6.el7.i686.rpm
    MD5: 7269ea76d220da889bec7d25e57aebf2
    SHA-256: 03894eb001b52704655d30ddacc567ff667aaf8411eede19e74a63c0f13f9141
    Size: 4.38 MB