ALT-PU-2019-2531-1
Closed vulnerabilities
BDU:2019-01562
Уязвимость почтового сервера Dovecot, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю повысить свои привилегии
BDU:2019-02459
Уязвимость JSON-кодировщика почтового сервера Dovecot, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-03702
Уязвимость реализации протокола Internet Message Access Protocol (IMAP) почтового сервера Dovecot, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-03704
Уязвимость реализации протокола Internet Message Access Protocol (IMAP) почтового сервера Dovecot, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-10691
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
- openSUSE-SU-2019:1312
- openSUSE-SU-2019:1312
- [oss-security] 20190418 CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
- [oss-security] 20190418 CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
- [dovecot-news] 20190418 CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
- [dovecot-news] 20190418 CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
- FEDORA-2019-1b61a528dd
- FEDORA-2019-1b61a528dd
- GLSA-201908-29
- GLSA-201908-29
Modified: 2024-11-21
CVE-2019-11494
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
- openSUSE-SU-2019:2278
- openSUSE-SU-2019:2278
- openSUSE-SU-2019:2281
- openSUSE-SU-2019:2281
- FEDORA-2019-9e004decea
- FEDORA-2019-9e004decea
- FEDORA-2019-1b61a528dd
- FEDORA-2019-1b61a528dd
- https://www.dovecot.org/download.html
- https://www.dovecot.org/download.html
- https://www.dovecot.org/security.html
- https://www.dovecot.org/security.html
Modified: 2024-11-21
CVE-2019-11499
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
- openSUSE-SU-2019:2278
- openSUSE-SU-2019:2278
- openSUSE-SU-2019:2281
- openSUSE-SU-2019:2281
- FEDORA-2019-9e004decea
- FEDORA-2019-9e004decea
- FEDORA-2019-1b61a528dd
- FEDORA-2019-1b61a528dd
- https://www.dovecot.org/download.html
- https://www.dovecot.org/download.html
- https://www.dovecot.org/security.html
- https://www.dovecot.org/security.html
Modified: 2024-11-21
CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
- openSUSE-SU-2019:1212
- openSUSE-SU-2019:1220
- [oss-security] 20190328 CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
- 107672
- https://dovecot.org/list/dovecot-news/2019-March/000403.html
- https://dovecot.org/security.html
- [debian-lts-announce] 20190329 [SECURITY] [DLA 1736-1] dovecot security update
- FEDORA-2019-9e004decea
- FEDORA-2019-1b61a528dd
- 20190328 [SECURITY] [DSA 4418-1] dovecot security update
- GLSA-201904-19
- USN-3928-1
- DSA-4418
- openSUSE-SU-2019:1212
- DSA-4418
- USN-3928-1
- GLSA-201904-19
- 20190328 [SECURITY] [DSA 4418-1] dovecot security update
- FEDORA-2019-1b61a528dd
- FEDORA-2019-9e004decea
- [debian-lts-announce] 20190329 [SECURITY] [DLA 1736-1] dovecot security update
- https://dovecot.org/security.html
- https://dovecot.org/list/dovecot-news/2019-March/000403.html
- 107672
- [oss-security] 20190328 CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
- openSUSE-SU-2019:1220
Closed bugs
Обновить dovecot
Последняя версия: 2.3.7.1