Updated dovecot packages fix security vulnerability
Publication date: 18 Aug 2020
Modification date: 18 Aug 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
Description
- CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it.
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check the message buffer size, which leads to a read past the allocation that can cause a crash.
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts a zero-length message, which leads to an assert-crash later on.
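For CVE-2020-12100, a mail filter placed in front of an unpatched server can measure how deeply a message's MIME parts are nested and flag outliers. The following is an added example, not code from this advisory or from Dovecot; the function names and the two limits are assumptions to be tuned locally.

```python
import email
from email import policy

MAX_DEPTH = 100    # assumed local limit, not a value from the advisory
MAX_PARTS = 10000  # assumed local limit, not a value from the advisory

def mime_shape(raw: bytes) -> tuple[int, int]:
    """Return (deepest nesting level, total parts); the top-level message is level 1."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    deepest, parts = 0, 0
    stack = [(msg, 1)]  # explicit stack: the walk itself never recurses
    while stack:
        part, level = stack.pop()
        parts += 1
        deepest = max(deepest, level)
        payload = part.get_payload()
        if isinstance(payload, list):  # multipart/* or message/rfc822 children
            stack.extend((child, level + 1) for child in payload)
    return deepest, parts

def check_message(raw: bytes, max_depth: int = MAX_DEPTH,
                  max_parts: int = MAX_PARTS) -> dict:
    """Flag a message whose MIME tree exceeds the configured depth or part count."""
    try:
        deepest, parts = mime_shape(raw)
    except RecursionError:
        # Extreme nesting can exhaust Python's own parser; report it as over-limit.
        return {"ok": False, "depth": None, "parts": None}
    return {"ok": deepest <= max_depth and parts <= max_parts,
            "depth": deepest, "parts": parts}

# Constructed sample: a text part inside two nested multipart containers.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain

constructed sample body
--inner--
--outer--
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```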
References
- https://bugs.mageia.org/show_bug.cgi?id=27099
- https://dovecot.org/pipermail/dovecot-news/2020-August/000441.html
- https://dovecot.org/pipermail/dovecot-news/2020-August/000442.html
- https://dovecot.org/pipermail/dovecot-news/2020-August/000443.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12673
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12674
SRPMS
7/core
- dovecot-2.3.11.3-1.mga7