dovecot-2.3.8-9.el8
エラータID: AXSA:2021-2023:02
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
* dovecot: IMAP hibernation function allows mail access (CVE-2020-24386)
* dovecot: Denial of service via mail MIME parsing (CVE-2020-25275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-24386
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Update packages.
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
N/A
SRPMS
- dovecot-2.3.8-9.el8.src.rpm
MD5: 7dc7d0792e0269deb7f34a1c95bf3268
SHA-256: b061592dd118b6600bf44ad995f31d7bb915798fc635ab0c2904c21fce4a1e6a
Size: 8.67 MB
Asianux Server 8 for x86_64
- dovecot-2.3.8-9.el8.x86_64.rpm
MD5: e990be33368618bb5d91fd544e669762
SHA-256: 6fde48e8cac82bf5d63babe37ece90b929cd5231e3f7558c3168b7fb4fef4658
Size: 4.98 MB - dovecot-mysql-2.3.8-9.el8.x86_64.rpm
MD5: 941d14a29e3a3e2f276ea781f42cf9f0
SHA-256: 6ce2af5cfe2119d5800a7fa4b00564e32cd41ad9c3947ab388e3a3dece079b54
Size: 100.13 kB - dovecot-pgsql-2.3.8-9.el8.x86_64.rpm
MD5: aff5ab192746385493bda30efd4671aa
SHA-256: c33e29a84a5338a83551b164139e75060caeff68af9b00588fec3a43a8b11f61
Size: 103.69 kB - dovecot-pigeonhole-2.3.8-9.el8.x86_64.rpm
MD5: 5d8885daedf06684f2e18080ed22d345
SHA-256: 3104e55f6d76e1893466d57130db213a94bf5f1216a999275c07a89906fcb8d4
Size: 453.81 kB