dovecot-2.2.36-6.el7.1
エラータID: AXSA:2020-288:02
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
* dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
* dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Update packages.
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
N/A
SRPMS
- dovecot-2.2.36-6.el7.1.src.rpm
MD5: bd9df14efcadf7739bb2c685df80125e
SHA-256: 6d3423840f53fb2d664955f4bbd8c97aa17ab3b4665ab05e764dfcfe6d7d47de
Size: 7.71 MB
Asianux Server 7 for x86_64
- dovecot-2.2.36-6.el7.1.x86_64.rpm
MD5: 1f7beb62ffd7178364a696794b4b5404
SHA-256: dd309221f43b1d12ba0840bb83016be46952b1b3b5d2035118b132d1d06f70ed
Size: 4.39 MB - dovecot-mysql-2.2.36-6.el7.1.x86_64.rpm
MD5: 7ecb207d523c8f857f76ac5448c63880
SHA-256: c27330eeb942992ee86d2956ce8a46d162279864328621fac38ac230cb39cf80
Size: 66.37 kB - dovecot-pgsql-2.2.36-6.el7.1.x86_64.rpm
MD5: a3180bf06b059136cecec0ebec3d2161
SHA-256: 674d6c263047125764d418f481998f4b503c96e16a84a0313e52fb8f34a054fa
Size: 69.28 kB - dovecot-pigeonhole-2.2.36-6.el7.1.x86_64.rpm
MD5: c0504ec56aa317989add13982516a361
SHA-256: 228b7219567199f2da84536c0e1bd572a0085b4ed16062822ddf12e956e542b3
Size: 391.85 kB - dovecot-2.2.36-6.el7.1.i686.rpm
MD5: 39695d416b2b687d56eb9cea66960e99
SHA-256: 38ffad2be1195d3eaec0b6406da268dc5a099792b3923eb395d7a7b00766dc2c
Size: 4.39 MB