MGASA-2021-0008
- Source
- https://advisories.mageia.org/MGASA-2021-0008.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0008.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0008
- Related
- Published
- 2021-01-08T13:59:29Z
- Modified
- 2021-01-08T13:21:19Z
- Summary
- Updated dovecot packages fix security vulnerabilities
- Details
-
It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other usersâ email (CVE-2020-24386).
Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service (CVE-2020-25275).
The dovecot package has been updated to version 2.3.13, fixing these issues and other bugs. See the upstream release announcement for details.
- References
-
- https://advisories.mageia.org/MGASA-2021-0008.html
- https://bugs.mageia.org/show_bug.cgi?id=28012
- https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
- https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
- https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
- https://ubuntu.com/security/notices/USN-4674-1
- Credits
-
-
- Mageia - COORDINATOR
-