dovecot-2.3.16-3.el8
Errata ID: AXSA:2022-4213:02
Release date:
2022/11/29 Tuesday - 08:19
Title:
dovecot-2.3.16-3.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
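The following issue has been addressed.
[Security Fix]
- The auth component of Dovecot has an issue in which an incorrect
username_filter and mechanism are applied in environments where two
passdb configuration entries with the same driver and arguments exist.
As a result, there is a vulnerability that allows a remote attacker
to escalate privileges in certain configurations. (CVE-2022-30550)
Solution:
Update the packages.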
CVE:
CVE-2022-30550
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
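The condition named in the CVE description, checked as an added example (not part of the original advisory and not Dovecot code): this Python snippet reads `doveconf -n`-style text and reports passdb blocks that share the same driver and args, along with which of `username_filter` and `mechanisms` differ between them. The sample configuration, its path and its user name are constructed; the setting names assume Dovecot 2.3 passdb syntax.

```python
from collections import defaultdict

# Constructed sample in `doveconf -n` style; path and user name are made up.
SAMPLE_CONF = """\
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
  master = yes
  username_filter = admin@example.com
}
passdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}
"""

def parse_passdbs(conf_text):
    """Return one settings dict per passdb { ... } block, in file order."""
    blocks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            # Only a passdb opener starts collection; other sections are ignored.
            current = {} if line.replace(" ", "") == "passdb{" else None
        elif line == "}":
            blocks.append(current)
            current = None
        elif "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return blocks

def find_duplicate_passdbs(conf_text):
    """Report passdb blocks that share driver and args (the CVE precondition)."""
    groups = defaultdict(list)
    for pos, block in enumerate(parse_passdbs(conf_text)):
        groups[(block.get("driver"), block.get("args"))].append((pos, block))
    findings = []
    for (driver, args), members in groups.items():
        if len(members) > 1:
            # Settings that differ inside the group are the ones at risk of being misapplied.
            differing = [name for name in ("username_filter", "mechanisms")
                         if len({blk.get(name) for _, blk in members}) > 1]
            findings.append({"driver": driver, "args": args, "differing": differing,
                             "positions": [pos for pos, _ in members]})
    return findings

if __name__ == "__main__":
    print(find_duplicate_passdbs(SAMPLE_CONF))
```

To check a host, pass the text produced by `doveconf -n` to `find_duplicate_passdbs`; an empty list means no two passdb entries share driver and args.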
Additional information:
N/A
Download:
SRPMS
- dovecot-2.3.16-3.el8.src.rpm
MD5: 68c3ca141a0abe8d5b6d83207c55507e
SHA-256: 950576a1d29a6c6c5b6c1abf0688e93262ef188b6f08293eea6bd4e6caf4467f
Size: 9.21 MB
Asianux Server 8 for x86_64
- dovecot-2.3.16-3.el8.x86_64.rpm
MD5: 981fe161ab1a0524b157d2059ddedf28
SHA-256: 667f4a73b49b4306868e8ddc448a34b5a579ce5f47c3e4ec8c8c72a84a6ce520
Size: 5.22 MB
- dovecot-devel-2.3.16-3.el8.x86_64.rpm
MD5: a008743076bda9165949c569bb6d36c7
SHA-256: 478db50e94c4806b48b596d4c3bfbb5fddb68eb329106ff6679fcd5a745fcac4
Size: 581.37 kB
- dovecot-mysql-2.3.16-3.el8.x86_64.rpm
MD5: d0dae90be1325510135ee40468b6bdf0
SHA-256: e79bf1cdda7ed91855c1e197bf28d648bc610952e4a1746e5416027cfcb8e0b0
Size: 100.58 kB
- dovecot-pgsql-2.3.16-3.el8.x86_64.rpm
MD5: 03f9d4534aede57768279fae7b6abb9c
SHA-256: 6f18599dfb135713a2633e7d9323a127822a6942fa299260a1c5ee5d02f0cd2f
Size: 103.86 kB
- dovecot-pigeonhole-2.3.16-3.el8.x86_64.rpm
MD5: 1ca243bb0ed1f6dc8710d15e6224f2f8
SHA-256: 7ffd1c00c54218bf77173c7a55e34e50b426c451644f91d1441facb08a1d0920
Size: 483.47 kB
- dovecot-2.3.16-3.el8.i686.rpm
MD5: abd45640476ee9ee78b56c95a23d79a4
SHA-256: e55728eacf86c7efc126e93f86bd89a81b3654a6afcff8196a63bfaadc469e0f
Size: 5.62 MB
- dovecot-devel-2.3.16-3.el8.i686.rpm
MD5: e25612891834ba76063f1234ee7d7891
SHA-256: 06a20b076b0733b163b4a0d40e2dfc35d74506be966d1e15cc33069c2ddeba2f
Size: 581.37 kB