dovecot-2.2.36-3.el7.1
エラータID: AXSA:2019-4341:02
リリース日:
2019/10/16 Wednesday - 09:08
題名:
dovecot-2.2.36-3.el7.1
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
[Security Fix]
- Dovecot には、ヌル文字の扱いを誤っているため、プロトコルの処理がクォート
された文字列に対して失敗し、境界外への書き込みとリモートのコードの実行に
つながる脆弱性があります。(CVE-2019-11500)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-11500
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
追加情報:
N/A
ダウンロード:
SRPMS
- dovecot-2.2.36-3.el7.1.src.rpm
MD5: e3986801c5ec726a255537c62c50c74b
SHA-256: c73d56e3462fc8d3b7dca3dc6401a62df4f57fcf7d76b33204d16b397199989c
Size: 7.68 MB
Asianux Server 7 for x86_64
- dovecot-2.2.36-3.el7.1.x86_64.rpm
MD5: 02c3615744cc6a72fb3cc7556711c1f5
SHA-256: 8ca8ea120f59f3f14f20173a3e987f08443d855713cd5af4d99d0cae6f39e4a3
Size: 4.39 MB - dovecot-mysql-2.2.36-3.el7.1.x86_64.rpm
MD5: 755f2875f661a6e440b1627d639381e4
SHA-256: cc2f9a42f7bc754af86b9eabd2e4bd327c8ea818398521f5ce35acac9951b7dc
Size: 65.76 kB - dovecot-pgsql-2.2.36-3.el7.1.x86_64.rpm
MD5: bb229d0c67506fba9ecf0178daf312a2
SHA-256: 434a7ba418401ddd492ef6901c7eec7493d5e171b6292a0124d286d5a3cfcc6a
Size: 68.66 kB - dovecot-pigeonhole-2.2.36-3.el7.1.x86_64.rpm
MD5: 96a17451281531981cb74e205c1f36ea
SHA-256: 2d0ff7231c147093c018e2391c37bf893d5b42db2bd9b01d909fe763be957d3b
Size: 391.25 kB - dovecot-2.2.36-3.el7.1.i686.rpm
MD5: c305dddef21632f27464c7ff6203c9a9
SHA-256: 290790efe671ab47028c492a32f6a91918ee5bb5bf3eff7c5a7514cdd62c7c27
Size: 4.38 MB