Univention Bugzilla – Bug 52550
dovecot: Multiple issues (4.4)
Last modified: 2021-01-07 09:56:11 CET
New Debian dovecot 1:2.2.27-3+deb9u7 fixes:
This update addresses the following issues:
* IMAP hibernation function allows mail access (CVE-2020-24386)
* Denial of service via mail MIME parsing (CVE-2020-25275)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/dovecot_2.2.27-3+deb9u6.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/dovecot_2.2.27-3+deb9u7.dsc @@ -1,3 +1,11 @@ +1:2.2.27-3+deb9u7 [Tue, 05 Jan 2021 12:19:39 +0000] Chris Lamb <lamby@debian.org>: + + * CVE-2020-24386: Prevent an issue where an attacker could cause Dovecot to + discover file system directory structure and even access other users' + emails using a pecially crafted command. + * CVE-2020-25275: Prevent an issue where a malicious sender can crash Dovecot + repeatedly by sending messages with more than 10,000 MIME parts. + 1:2.2.27-3+deb9u6 [Fri, 14 Aug 2020 12:28:38 -0400] Roberto C. Sanchez <roberto@debian.org>: * Non-maintainer upload by the LTS Team. <http://10.200.17.11/4.4-7/#199086578204598586>
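Review bot: the added CVE-2020-24386 changelog entry reads "using a pecially crafted command", which should be "specially crafted command". Both new entries also describe the impact only: neither names the patch that was applied, and the CVE-2020-25275 entry gives the trigger (messages with more than 10,000 MIME parts) without saying how the fixed package handles such a message. Adding one line per CVE that names the applied patch and the resulting behaviour would let the errata text be checked against the source package.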
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] e8aa006089 Bug #52550: dovecot 1:2.2.27-3+deb9u7
 doc/errata/staging/dovecot.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x863>