dovecot-2.3.8-4.el8
エラータID: AXSA:2021-1195:01
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
* dovecot: command followed by sufficient number of newlines leads to use-after-free (CVE-2020-10958)
* dovecot: sending mail with empty quoted localpart leads to DoS (CVE-2020-10967)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Update packages.
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
N/A
SRPMS
- dovecot-2.3.8-4.el8.src.rpm
MD5: 1b079687828bbfe9d49ff5a9f2237977
SHA-256: 1b68d5166c8afd20bcd77c345de6fa3e6a6b4ac147c602c564000839fce48a71
Size: 8.66 MB
Asianux Server 8 for x86_64
- dovecot-2.3.8-4.el8.x86_64.rpm
MD5: d7177d8646ff2d84aa22ed876ca5ecd0
SHA-256: 35b1b7f9dbf377e993c566b6bce0dd50e73dc376da2bfcbd49b25bb7119ef67e
Size: 4.98 MB - dovecot-mysql-2.3.8-4.el8.x86_64.rpm
MD5: c85209b022f7bd2f5076dbf2f40f6b1c
SHA-256: 9009a4d4c925964e68ba380bced89d30da467c732116677fc692819e621c873d
Size: 99.61 kB - dovecot-pgsql-2.3.8-4.el8.x86_64.rpm
MD5: 8d703040a84d53d5f1612f140763f7dc
SHA-256: a4bb8b6e0a32ad5e6033a089aecc1a7780f8344c74d65060bc377ab56d6af90e
Size: 102.95 kB - dovecot-pigeonhole-2.3.8-4.el8.x86_64.rpm
MD5: a43ab2d9a879d37c28a46f918355a302
SHA-256: 7847b4b3a3ea4728c42a51f1a770b07d5787093299afef9c0b6a4c271311d612
Size: 452.74 kB