Advisories ยป MGASA-2020-0222

Updated dovecot packages fix security vulnerabilities

Publication date: 24 May 2020
Modification date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10957 , CVE-2020-10958 , CVE-2020-10967

Description

Dovecot has been updated to fix several security issues.

Sending malformed NOOP command causes crash in submission, submission-login
or lmtp service (CVE-2020-10957).

Sending command followed by sufficient number of newlines triggers a
use-after-free bug that might crash submission-login, submission or lmtp
service (CVE-2020-10958).

Sending mail with empty quoted localpart causes submission or lmtp
component to crash (CVE-2020-10967).
                

References

SRPMS

7/core