dovecot-2.2.36-6.el7.1

エラータID: AXSA:2020-288:02

Release date: 
Monday, September 7, 2020 - 05:52
Subject: 
dovecot-2.2.36-6.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

Solution: 

Update packages.

CVEs: 
CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.2.36-6.el7.1.src.rpm
    MD5: bd9df14efcadf7739bb2c685df80125e
    SHA-256: 6d3423840f53fb2d664955f4bbd8c97aa17ab3b4665ab05e764dfcfe6d7d47de
    Size: 7.71 MB

Asianux Server 7 for x86_64
  1. dovecot-2.2.36-6.el7.1.x86_64.rpm
    MD5: 1f7beb62ffd7178364a696794b4b5404
    SHA-256: dd309221f43b1d12ba0840bb83016be46952b1b3b5d2035118b132d1d06f70ed
    Size: 4.39 MB
  2. dovecot-mysql-2.2.36-6.el7.1.x86_64.rpm
    MD5: 7ecb207d523c8f857f76ac5448c63880
    SHA-256: c27330eeb942992ee86d2956ce8a46d162279864328621fac38ac230cb39cf80
    Size: 66.37 kB
  3. dovecot-pgsql-2.2.36-6.el7.1.x86_64.rpm
    MD5: a3180bf06b059136cecec0ebec3d2161
    SHA-256: 674d6c263047125764d418f481998f4b503c96e16a84a0313e52fb8f34a054fa
    Size: 69.28 kB
  4. dovecot-pigeonhole-2.2.36-6.el7.1.x86_64.rpm
    MD5: c0504ec56aa317989add13982516a361
    SHA-256: 228b7219567199f2da84536c0e1bd572a0085b4ed16062822ddf12e956e542b3
    Size: 391.85 kB
  5. dovecot-2.2.36-6.el7.1.i686.rpm
    MD5: 39695d416b2b687d56eb9cea66960e99
    SHA-256: 38ffad2be1195d3eaec0b6406da268dc5a099792b3923eb395d7a7b00766dc2c
    Size: 4.39 MB