Advisories ยป MGASA-2019-0072

Updated dovecot packages fix security vulnerability

Publication date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3814

Description

CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
                

References

SRPMS

6/core