Updated dovecot packages fix security vulnerabilities
Publication date: 08 Jan 2021
Modification date: 08 Jan 2021
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-24386, CVE-2020-25275
Description
It was discovered that Dovecot incorrectly handled certain IMAP hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email (CVE-2020-24386).
Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service (CVE-2020-25275).
The dovecot package has been updated to version 2.3.13, fixing these issues and other bugs. See the upstream release announcement for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=28012
- https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
- https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
- https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
- https://ubuntu.com/security/notices/USN-4674-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24386
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25275
SRPMS
7/core
- dovecot-2.3.13-1.mga7