Advisories » MGASA-2019-0141

Updated dovecot packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7524

Description

CVE-2019-7524: Missing input buffer size validation leads into arbitrary
buffer overflow when reading fts or pop3 uidl header from Dovecot index.
Exploiting this requires direct write access to the index files.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24588
• https://nvd.nist.gov/vuln/detail/CVE-2019-7524
• https://www.dovecot.org/list/dovecot-news/2019-March/000402.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7524

SRPMS

6/core

• dovecot-2.2.36.3-1.mga6