Advisories » MGASA-2020-0222

Updated dovecot packages fix security vulnerabilities

Publication date: 24 May 2020
Modification date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10957 , CVE-2020-10958 , CVE-2020-10967

Description

Dovecot has been updated to fix several security issues.

Sending malformed NOOP command causes crash in submission, submission-login
or lmtp service (CVE-2020-10957).

Sending command followed by sufficient number of newlines triggers a
use-after-free bug that might crash submission-login, submission or lmtp
service (CVE-2020-10958).

Sending mail with empty quoted localpart causes submission or lmtp
component to crash (CVE-2020-10967).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26644
• https://www.openwall.com/lists/oss-security/2020/05/18/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967

SRPMS

7/core

• dovecot-2.3.10.1-1.mga7