Univention Bugzilla – Bug 48765
dovecot: Multiple issues (4.2)
Last modified: 2019-02-27 14:06:43 CET
New Debian dovecot 1:2.2.13-12~deb8u5 fixes: This update addresses the following issue: * 1:2.2.13-12~deb8u5 (Thu, 07 Feb 2019 17:57:04 +0100) * CVE-2019-3814: Fix a vulnerability in the TLS username handling where an attacker could login as anyone else in the system if auth_ssl_{require_client_cert,username_from_cert} was enabled. * 1:2.2.13-12~deb8u5 (Thu, 07 Feb 2019 17:57:04 +0100) * CVE-2019-3814: Fix a vulnerability in the TLS username handling where an attacker could login as anyone else in the system if auth_ssl_{require_client_cert,username_from_cert} was enabled. * 1:2.2.13-12~deb8u5 (Thu, 07 Feb 2019 17:57:04 +0100) * CVE-2019-3814: Fix a vulnerability in the TLS username handling where an attacker could login as anyone else in the system if auth_ssl_{require_client_cert,username_from_cert} was enabled. * 1:2.2.13-12~deb8u5 (Thu, 07 Feb 2019 17:57:04 +0100) * CVE-2019-3814: Fix a vulnerability in the TLS username handling where an attacker could login as anyone else in the system if auth_ssl_{require_client_cert,username_from_cert} was enabled.
--- mirror/ftp/4.2/unmaintained/4.2-4/source/dovecot_2.2.13-12~deb8u4.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/dovecot_2.2.13-12~deb8u5.dsc @@ -1,3 +1,9 @@ +1:2.2.13-12~deb8u5 [Thu, 07 Feb 2019 17:57:04 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2019-3814: Fix a vulnerability in the TLS username handling where an + attacker could login as anyone else in the system if + auth_ssl_{require_client_cert,username_from_cert} was enabled. + 1:2.2.13-12~deb8u4 [Thu, 01 Mar 2018 19:12:05 +0200] Apollon Oikonomopoulos <apoikos@debian.org>: * [eb6eab8] Fix CVE-2017-14461: rfc822_parse_domain information leak <http://10.200.17.11/4.2-5/#6068305004164420190>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 24a64a334d Bug #48765: dovecot 1:2.2.13-12~deb8u5 doc/errata/staging/dovecot.yaml | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) [4.2-5] ef1ac5916b Bug #48765: dovecot 1:2.2.13-12~deb8u5 doc/errata/staging/dovecot.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+)
<http://errata.software-univention.de/ucs/4.2/599.html>