dovecot-2.2.36-6.el7
Errata ID: AXSA:2020-4708:01
Release date:
2020/04/16 Thursday - 05:37
Title:
dovecot-2.2.36-6.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
[Security Fix]
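- Dovecot has a vulnerability that allows a remote attacker to impersonate other users by using a valid client certificate with an empty username field. (CVE-2019-3814)
- Dovecot has a vulnerability that allows a local attacker to elevate to root by causing a buffer overflow in the indexer-worker process. (CVE-2019-7524)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.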
CVE:
CVE-2019-3814
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
Additional information:
N/A
Downloads:
SRPMS
- dovecot-2.2.36-6.el7.src.rpm
MD5: 153c2f5bdda44db57315053d75d66ac9
SHA-256: 84a32b5e8c40ec42aeabdbd61cfc06c17846d7d397951d32bd204e5e80420ce3
Size: 7.69 MB
Asianux Server 7 for x86_64
- dovecot-2.2.36-6.el7.x86_64.rpm
MD5: 3287e02cf4abfeebaae8222d4e0ce470
SHA-256: a542996c017f9a060c5ac8ed9bd695892aa2389ef710c04317e4881f2fd4831f
Size: 4.39 MB
- dovecot-mysql-2.2.36-6.el7.x86_64.rpm
MD5: 292144e0ae3a2473918657e1e27153d7
SHA-256: 6039a4d39d53fef3bf01a349f842e729faa237e78e9ec14f124f0c35f217345a
Size: 66.07 kB
- dovecot-pgsql-2.2.36-6.el7.x86_64.rpm
MD5: 96d7cec6c3e9a732b04a8c9f51766e0b
SHA-256: bcb543bdeadc665bd64f908411ee5af30f908d205c53cd45e4ae75086b71868a
Size: 68.98 kB
- dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm
MD5: ba9392a79e314ff23f4f3d08541100c2
SHA-256: 41d4fd7b6d930d41a1b13d189cc7e5e0166ad3c229947a3ed8bc34af3618e00f
Size: 391.57 kB
- dovecot-2.2.36-6.el7.i686.rpm
MD5: 7269ea76d220da889bec7d25e57aebf2
SHA-256: 03894eb001b52704655d30ddacc567ff667aaf8411eede19e74a63c0f13f9141
Size: 4.38 MB