ALT Linux Team

Branch c8.1 update on 2019-09-04

2019-09-04

ALT-BU-2019-3919-1

Branch c8.1 update bulletin.

ALT-PU-2019-2603-1

Package dovecot updated to version 2.2.21-alt1.M80C.1 for branch c8.1 in task 236900.

Closed vulnerabilities

Published: 2019-08-28

BDU:2019-03214

Уязвимость агента доставки электронной почты Dovecot, связанная с возможностью записи за пределами границ памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-08-29
Modified: 2024-11-21

CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-2604-1

Package dovecot-pigeonhole updated to version 0.4.11-alt1.M80C.1 for branch c8.1 in task 236900.

Closed vulnerabilities

Published: 2019-08-28

BDU:2019-03214

Уязвимость агента доставки электронной почты Dovecot, связанная с возможностью записи за пределами границ памяти, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-08-29
Modified: 2024-11-21

CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top