1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4825-1] dovecot security update

    From Salvatore Bonaccorso@21:1/5 to All on Mon Jan 4 16:30:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4825-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 04, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : dovecot
    CVE ID : CVE-2020-24386 CVE-2020-25275

    Several vulnerabilities have been discovered in the Dovecot email
    server.

    CVE-2020-24386

    When imap hibernation is active, an attacker (with valid credentials
    to access the mail server) can cause Dovecot to discover file system
    directory structures and access other users' emails via specially
    crafted commands.

    CVE-2020-25275

    Innokentii Sennovskiy reported that the mail delivery and parsing in
    Dovecot can crash when the 10000th MIME part is message/rfc822 (or
    if the parent was multipart/digest). This flaw was introduced by
    earlier changes addressing CVE-2020-12100.

    For the stable distribution (buster), these problems have been fixed in
    version 1:2.3.4.1-5+deb10u5.

    We recommend that you upgrade your dovecot packages.

    For the detailed security status of dovecot please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/dovecot

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/zMbxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q0Fw//dflTb6COgPuEjVnojuwkgil7rw6LCtgtl2Jk1wAarmFK/Y+j0qhl+i3/ UdHrXKG9Y8FqNllyxBCS0TUZnEggXTRemzfvFcavnyD1N/ensWxc+oI48tfOE+pk JM8z9DOIMCKK86S0Cb9D4irw65FUE8+rG1X6KrS0Yw2P0farno/cg90PPwhX8bcF rtHgvUeiMVRpb64eEkrKU2eZzHhngj1ve05qpfy8wvXf5zfk1SzJcs4tmtHHsHTT TkxZdrVd863FLt6w2hGaID+whyc0Oiep9JtwyzKCwLoQLvihSs2POOBl4wYnwvFw WTiqmaoDlZe37bZWAWT6jN3vmQ4pzmV1LYoOiN5gO4p2j8B6tj5NQ2679YlpN90V nM+ezGFpqFoLv7zL6FdmFV9YWBzLkTvX3gp9nfrEja1IyqMlg2tJFP3btp0NTBwK 7h7Te7s+dlaK0bvPjUQvtL2g+2nH4wkwp4X/DdSvlWYpBy6Ife91SDbQ/oXOm8h/ 8Bc252yTvEltTih89zPjVcZsllThG6n/BeNMrECg3OKvob0PZ636Su48PPLNKO7j bT6Zjr0g0vH6queVUN69RmWxq0nYYd5jMVvbNxC7GzQmeWR7FaaYCarjhXy1+7do YqjJi3NG4NTOiXKSVEypIW0gmqa8EfIQxthGOHyriB69GXaliks=
    =pA98
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)