dovecot-2.3.16-7.el9
エラータID: AXSA:2023-4711:01
リリース日:
2023/01/12 Thursday - 09:42
題名:
dovecot-2.3.16-7.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Dovecot の auth コンポーネントには、ドライバと引数が同一の
2 つの passdb 構成エントリが存在する環境において誤った
username_filter とメカニズムが設定される問題があるため、
リモートの攻撃者により、特定の設定において権限昇格を可能と
する脆弱性が存在します。(CVE-2022-30550)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-30550
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
追加情報:
N/A
ダウンロード:
SRPMS
- dovecot-2.3.16-7.el9.src.rpm
MD5: 7dbf14ead5c91302332b2b9c7bf5935a
SHA-256: 68d60d845238e8c9bc72004873e4a324954671cd8ce8fa3d8b9d98dfbc29d21a
Size: 9.13 MB
Asianux Server 9 for x86_64
- dovecot-2.3.16-7.el9.x86_64.rpm
MD5: 16cd00a1042a9a31af1c96e3171cce7d
SHA-256: c666e882c5066816f2073a9f5dc96b9f75c4ed832854ffc21f2e6952132886cf
Size: 4.71 MB - dovecot-devel-2.3.16-7.el9.x86_64.rpm
MD5: 27e74acdd8cffc9dff0468735d31142d
SHA-256: 085e756c5820af1ab540b8358a38cfd071d47989077173094197d0768b115b29
Size: 456.28 kB - dovecot-mysql-2.3.16-7.el9.x86_64.rpm
MD5: 8256ea9e332c5b1f0c9ab87b86996675
SHA-256: e16b756aad10083a293d564388b3075883159f018b9ab3a32e5374adbd5130d1
Size: 22.25 kB - dovecot-pgsql-2.3.16-7.el9.x86_64.rpm
MD5: 22eb8645f9626628b56c6e073aa8c07c
SHA-256: 725395cac6132b188a8264c9172c533117810d1128e74a556c7de7ce0f01a69e
Size: 26.24 kB - dovecot-pigeonhole-2.3.16-7.el9.x86_64.rpm
MD5: 8ececa8af74f2ccce7eca966002269c7
SHA-256: 2678b192b0a0fa81e97c11edf13f241aeba33c92ac4b0ef3d5be2492515e5a14
Size: 375.54 kB - dovecot-2.3.16-7.el9.i686.rpm
MD5: 205142cd5cbebea2a5b72dd59cfcf587
SHA-256: 190ee7b0b63b23662b8485de915942fc8626024e56361061cc159ad7cdb9ebf4
Size: 5.11 MB - dovecot-devel-2.3.16-7.el9.i686.rpm
MD5: 61f1d73df2fefa6654b32dd9e5b47932
SHA-256: a4ae7f902a7e6ee9bc8686b38ae8bef1ef3ef2e59847ba0a4b8114a30d4fd349
Size: 456.13 kB