USN-7013-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-7013-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7013-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-7013-1

Related

Published

2024-09-16T11:52:43.811594Z

Modified

2024-09-16T11:52:43.811594Z

Summary

dovecot vulnerabilities

Details

It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. (CVE-2024-23184)

It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. (CVE-2024-23185)

References

Affected packages

Ubuntu:20.04:LTS / dovecot

Package

Name: dovecot
Purl: pkg:deb/ubuntu/dovecot@1:2.3.7.2-1ubuntu3.7?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.3.7.2-1ubuntu3.7

Affected versions

1:2.*

1:2.3.4.1-5ubuntu3

1:2.3.7.2-1ubuntu1

1:2.3.7.2-1ubuntu2

1:2.3.7.2-1ubuntu3

1:2.3.7.2-1ubuntu3.1

1:2.3.7.2-1ubuntu3.2

1:2.3.7.2-1ubuntu3.3

1:2.3.7.2-1ubuntu3.4

1:2.3.7.2-1ubuntu3.5

1:2.3.7.2-1ubuntu3.6

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "dovecot-gssapi": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-solr": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-lmtpd-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-lucene-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-managesieved": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-pop3d": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-sieve": "1:2.3.7.2-1ubuntu3.7",
            "mail-stack-delivery": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-ldap-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-core": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-lucene": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-submissiond-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-auth-lua": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-sqlite": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-ldap": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-sqlite-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-pgsql-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-imapd-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-solr-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-auth-lua-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-gssapi-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-submissiond": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-lmtpd": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-imapd": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-pgsql": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-mysql": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-pop3d-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-sieve-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-core-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-managesieved-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-mysql-dbgsym": "1:2.3.7.2-1ubuntu3.7",
            "dovecot-dev": "1:2.3.7.2-1ubuntu3.7"
        }
    ]
}

Ubuntu:22.04:LTS / dovecot

Package

Name: dovecot
Purl: pkg:deb/ubuntu/dovecot@1:2.3.16+dfsg1-3ubuntu2.4?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.3.16+dfsg1-3ubuntu2.4

Affected versions

1:2.*

1:2.3.13+dfsg1-1ubuntu3

1:2.3.16+dfsg1-3ubuntu1

1:2.3.16+dfsg1-3ubuntu2

1:2.3.16+dfsg1-3ubuntu2.1

1:2.3.16+dfsg1-3ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "dovecot-gssapi": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-solr": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-lmtpd-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-lucene-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-managesieved": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-pop3d": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-sieve": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-ldap-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-core": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-lucene": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-submissiond-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-sqlite": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-auth-lua": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-ldap": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-sqlite-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-managesieved-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-imapd-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-solr-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-sieve-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-gssapi-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-imapd": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-lmtpd": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-auth-lua-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-pgsql": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-mysql": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-pop3d-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-submissiond": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-core-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-pgsql-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-mysql-dbgsym": "1:2.3.16+dfsg1-3ubuntu2.4",
            "dovecot-dev": "1:2.3.16+dfsg1-3ubuntu2.4"
        }
    ]
}