Advisories ยป MGASA-2020-0330

Updated dovecot packages fix security vulnerability

Publication date: 18 Aug 2020
Modification date: 18 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-12100 , CVE-2020-12673 , CVE-2020-12674


CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource
exhaustion as Dovecot attempts to parse it.
CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message
buffer size, which leads to reading past allocation which can lead to crash.
CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length
message, which leads to assert-crash later on.