dovecot-2.3.8-4.el8

エラータID: AXSA:2021-1195:01

Release date: 
Thursday, January 14, 2021 - 13:36
Subject: 
dovecot-2.3.8-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: command followed by sufficient number of newlines leads to use-after-free (CVE-2020-10958)

* dovecot: sending mail with empty quoted localpart leads to DoS (CVE-2020-10967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

Solution: 

Update packages.

CVEs: 
CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.3.8-4.el8.src.rpm
    MD5: 1b079687828bbfe9d49ff5a9f2237977
    SHA-256: 1b68d5166c8afd20bcd77c345de6fa3e6a6b4ac147c602c564000839fce48a71
    Size: 8.66 MB

Asianux Server 8 for x86_64
  1. dovecot-2.3.8-4.el8.x86_64.rpm
    MD5: d7177d8646ff2d84aa22ed876ca5ecd0
    SHA-256: 35b1b7f9dbf377e993c566b6bce0dd50e73dc376da2bfcbd49b25bb7119ef67e
    Size: 4.98 MB
  2. dovecot-mysql-2.3.8-4.el8.x86_64.rpm
    MD5: c85209b022f7bd2f5076dbf2f40f6b1c
    SHA-256: 9009a4d4c925964e68ba380bced89d30da467c732116677fc692819e621c873d
    Size: 99.61 kB
  3. dovecot-pgsql-2.3.8-4.el8.x86_64.rpm
    MD5: 8d703040a84d53d5f1612f140763f7dc
    SHA-256: a4bb8b6e0a32ad5e6033a089aecc1a7780f8344c74d65060bc377ab56d6af90e
    Size: 102.95 kB
  4. dovecot-pigeonhole-2.3.8-4.el8.x86_64.rpm
    MD5: a43ab2d9a879d37c28a46f918355a302
    SHA-256: 7847b4b3a3ea4728c42a51f1a770b07d5787093299afef9c0b6a4c271311d612
    Size: 452.74 kB