Updated dovecot packages fix security vulnerabilities
Publication date: 24 May 2020Modification date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10957 , CVE-2020-10958 , CVE-2020-10967
Description
Dovecot has been updated to fix several security issues. Sending malformed NOOP command causes crash in submission, submission-login or lmtp service (CVE-2020-10957). Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service (CVE-2020-10958). Sending mail with empty quoted localpart causes submission or lmtp component to crash (CVE-2020-10967).
References
SRPMS
7/core
- dovecot-2.3.10.1-1.mga7