dovecot-2.3.8-9.el8

エラータID: AXSA:2021-2023:02

Release date: 
Thursday, June 17, 2021 - 12:55
Subject: 
dovecot-2.3.8-9.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: IMAP hibernation function allows mail access (CVE-2020-24386)
* dovecot: Denial of service via mail MIME parsing (CVE-2020-25275)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-24386
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

Solution: 

Update packages.

CVEs: 
CVE-2020-24386
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.3.8-9.el8.src.rpm
    MD5: 7dc7d0792e0269deb7f34a1c95bf3268
    SHA-256: b061592dd118b6600bf44ad995f31d7bb915798fc635ab0c2904c21fce4a1e6a
    Size: 8.67 MB

Asianux Server 8 for x86_64
  1. dovecot-2.3.8-9.el8.x86_64.rpm
    MD5: e990be33368618bb5d91fd544e669762
    SHA-256: 6fde48e8cac82bf5d63babe37ece90b929cd5231e3f7558c3168b7fb4fef4658
    Size: 4.98 MB
  2. dovecot-mysql-2.3.8-9.el8.x86_64.rpm
    MD5: 941d14a29e3a3e2f276ea781f42cf9f0
    SHA-256: 6ce2af5cfe2119d5800a7fa4b00564e32cd41ad9c3947ab388e3a3dece079b54
    Size: 100.13 kB
  3. dovecot-pgsql-2.3.8-9.el8.x86_64.rpm
    MD5: aff5ab192746385493bda30efd4671aa
    SHA-256: c33e29a84a5338a83551b164139e75060caeff68af9b00588fec3a43a8b11f61
    Size: 103.69 kB
  4. dovecot-pigeonhole-2.3.8-9.el8.x86_64.rpm
    MD5: 5d8885daedf06684f2e18080ed22d345
    SHA-256: 3104e55f6d76e1893466d57130db213a94bf5f1216a999275c07a89906fcb8d4
    Size: 453.81 kB