You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa dovecot23

Sigurnosni nedostaci programskog paketa dovecot23

openSUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0026-1
Rating: important
References: #1174920 #1180405 #1180406
Cross-References: CVE-2020-12100 CVE-2020-24386 CVE-2020-25275

Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for dovecot23 fixes the following issues:

Security issues fixed:

– CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME
parts (bsc#1174920).
– CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users
to access other users’ emails (bsc#1180405).
– CVE-2020-25275: Fixed a crash when the 10000th MIME part was
message/rfc822 (bsc#1180406).

Non-security issues fixed:

– Pigeonhole was updated to version 0.5.11.
– Dovecot was updated to version 2.3.11.3.

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-26=1

Package List:

– openSUSE Leap 15.2 (x86_64):

dovecot23-2.3.11.3-lp152.2.6.1
dovecot23-backend-mysql-2.3.11.3-lp152.2.6.1
dovecot23-backend-mysql-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-backend-pgsql-2.3.11.3-lp152.2.6.1
dovecot23-backend-pgsql-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-backend-sqlite-2.3.11.3-lp152.2.6.1
dovecot23-backend-sqlite-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-debugsource-2.3.11.3-lp152.2.6.1
dovecot23-devel-2.3.11.3-lp152.2.6.1
dovecot23-fts-2.3.11.3-lp152.2.6.1
dovecot23-fts-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-fts-lucene-2.3.11.3-lp152.2.6.1
dovecot23-fts-lucene-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-fts-solr-2.3.11.3-lp152.2.6.1
dovecot23-fts-solr-debuginfo-2.3.11.3-lp152.2.6.1
dovecot23-fts-squat-2.3.11.3-lp152.2.6.1
dovecot23-fts-squat-debuginfo-2.3.11.3-lp152.2.6.1

References:

https://www.suse.com/security/cve/CVE-2020-12100.html
https://www.suse.com/security/cve/CVE-2020-24386.html
https://www.suse.com/security/cve/CVE-2020-25275.html
https://bugzilla.suse.com/1174920
https://bugzilla.suse.com/1180405
https://bugzilla.suse.com/1180406

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libxstream

Otkriveni su sigurnosni nedostaci programske biblioteke libxstream za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija ili...

Close