dovecot-2.3.16-2.el8

エラータID: AXSA:2022-3412:01

Release date: 
Tuesday, July 5, 2022 - 09:52
Subject: 
dovecot-2.3.16-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

The following packages have been upgraded to a later upstream version: dovecot (2.3.16). (BZ#1980014)

Security Fix(es):

* dovecot: plaintext commands injection (CVE-2021-33515)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.6 Release Notes linked from the References section.

CVE-2021-33515
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

Solution: 

Update packages.

CVEs: 
CVE-2021-33515
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
Additional Info: 

N/A

Download: 

SRPMS
  1. dovecot-2.3.16-2.el8.src.rpm
    MD5: d813c8e73a061953fb3b46f007d8289f
    SHA-256: b2f6be716c64c663a16565ad711f1eaa955fce9ab56b02823ed7ea2ab9385a80
    Size: 9.21 MB

Asianux Server 8 for x86_64
  1. dovecot-2.3.16-2.el8.x86_64.rpm
    MD5: f6f8a5ed7417a1bfa5883370e5b7e7bc
    SHA-256: 9a98cf30b35161b6ca03ec24d3dc033f66d8dd2cb78039d5474d1380ea54a62b
    Size: 5.22 MB
  2. dovecot-devel-2.3.16-2.el8.x86_64.rpm
    MD5: 711d3227fa13d2ae77ea5aed94c4738c
    SHA-256: 015ab8ddd109cc7028e781b1a4094be38c023fee7c8c9a0e83ee0e12ee7f6e82
    Size: 581.21 kB
  3. dovecot-mysql-2.3.16-2.el8.x86_64.rpm
    MD5: 8c1bd8db9f352875d05121ee28360ca4
    SHA-256: 5db199507844805f80158271a805dbaf93e10051b5c60135f8eecb4f5e5b4f09
    Size: 100.42 kB
  4. dovecot-pgsql-2.3.16-2.el8.x86_64.rpm
    MD5: 7beab7303936b5c9840c026c91123c24
    SHA-256: 2c361050c813a4f39a2f402474a99b69fe175e7a9d21a0dd5c18496385f6c52b
    Size: 103.71 kB
  5. dovecot-pigeonhole-2.3.16-2.el8.x86_64.rpm
    MD5: ed433f012ade1688a19fb1dd3a5bd680
    SHA-256: a60d5d6e5f822a8079c9aa15f9a84dd45a1183565783839911654b5af9d98930
    Size: 483.16 kB
  6. dovecot-2.3.16-2.el8.i686.rpm
    MD5: 3552812a92a2ddee6d2f975c01b1e397
    SHA-256: 0528d4985b1708473bed576f8aa629905da66c4b847dc966c1fa84cc532524f3
    Size: 5.62 MB
  7. dovecot-devel-2.3.16-2.el8.i686.rpm
    MD5: 8b1b9e7080113b9837c7cf86caa6a2d7
    SHA-256: e9fffb6505ea3446ded7cb64d996efcd89f6922473e10724dc203f1b432db4eb
    Size: 581.20 kB