Updated dovecot packages fix security vulnerability
Publication date: 13 Feb 2019Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3814
Description
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
References
SRPMS
6/core
- dovecot-2.2.36.1-1.mga6