ALT Linux Team

Package dovecot update in sisyphus on 2021-01-12

ALT-PU-2021-1027-1

Package dovecot updated to version 2.3.13-alt1 for branch sisyphus in task 264565.

Closed vulnerabilities

Published: 2020-09-11

BDU:2021-01901

Уязвимость компонентов lda, lmtp и imap почтового сервера Dovecot, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2021-01-04
Modified: 2024-11-21

CVE-2020-24386

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).

Severity: MEDIUM (4.9) Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2021-01-04
Modified: 2024-11-21

CVE-2020-25275

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top