Advisories » MGASA-2024-0280

Updated packages fix security vulnerabilities

Publication date: 17 Aug 2024
Modification date: 17 Aug 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23184 , CVE-2024-23185

Description

CVE-2024-23184: A large number of address headers in email resulted in
excessive CPU usage.
CVE-2024-23185: Abnormally large email headers are now truncated or
discarded, with a limit of 10MB on a single header and 50MB for all the
headers of all the parts of an email.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33466
• https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23184
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23185

SRPMS

9/core

• dovecot-2.3.21.1-1.mga9