MGASA-2020-0222

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0222.html

Import Source

https://advisories.mageia.org/MGASA-2020-0222.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0222

Related

CVE-2020-10957
CVE-2020-10958
CVE-2020-10967

Published

2020-05-24T18:04:47Z

Modified

2020-05-24T17:26:46Z

Summary

Updated dovecot packages fix security vulnerabilities

Details

Dovecot has been updated to fix several security issues.

Sending malformed NOOP command causes crash in submission, submission-login or lmtp service (CVE-2020-10957).

Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service (CVE-2020-10958).

Sending mail with empty quoted localpart causes submission or lmtp component to crash (CVE-2020-10967).

References

https://advisories.mageia.org/MGASA-2020-0222.html
https://bugs.mageia.org/show_bug.cgi?id=26644
https://www.openwall.com/lists/oss-security/2020/05/18/1

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0222

Affected packages