You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa Dovecot

Sigurnosni nedostatak programskog paketa Dovecot

by - 0

==========================================================================
Ubuntu Security Notice USN-3928-1
April 01, 2019

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Dovecot could be made to crash or run programs as an administrator
if it opened a specially crafted file.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

It was discovered that Dovecot incorrectly handled reading certain headers
from the index. A local attacker could possibly use this issue to escalate
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
dovecot-core 1:2.3.2.1-1ubuntu3.2

Ubuntu 18.04 LTS:
dovecot-core 1:2.2.33.2-1ubuntu4.3

Ubuntu 16.04 LTS:
dovecot-core 1:2.2.22-1ubuntu2.10

Ubuntu 14.04 LTS:
dovecot-core 1:2.2.9-1ubuntu2.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3928-1
CVE-2019-7524

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.2.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.33.2-1ubuntu4.3
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.10
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.6

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlyiCyIACgkQZWnYVadE
vpMejxAAkOy1c9n3nh4cQjvz/7e85yberzCcUsTiypWrcYWhKvidqZ9xc9jFHcP2
Mn6BWngKqr4xGbLEtbI34Mzzq9AgROHHe2YrV6B5wkCdoq2icG1AmpPvDMp4GuD/
u5GZz2cEDt2eFL5gxUoQiHOidkPlpGMTf+wZWYBOebIPu01pbWK+k7Usn7aSqUEq
BYGcnIoZ5I/m4TH1kP66kK1H/mqSCwBdtTJq7z/PSHC9vk2KGJtZhNfAnvLBjzLk
2h8/oOUPg947cuceqj0NKpXnlW3pfCKLmrCWe+3othSHkb0MM9BOXoKu0UT3EDhY
nVaMckTHq++y9JEfTCuuuRYV1N2Sp6Ukr+taKlYqFTA9YGWS9fNTMrGLPKp3tlsH
2H3K5SMV0WaMKKHU8vs8k+KPkfO2yatvpfsdXzqF/x3nrAYwU+PBY+yN3/l9poxL
9KjOgpixxfVxoW4whxtWly6siTj61o3Qz+VgIpfSh9fGA7XW91Zi3CUK9Yh4Snnx
8UDQDcjwW0c9lPx0iZKG/Gd+011V1DGHnK4FE8kJfeAhF7HeGg0IoMPTfns+rpeI
kwtITFrIysnLUe4feMJggIAar+0rqjU0GiOfQslCwrjQKF8haVvwcnVwQbM1nb8q
d9nlO0VEWmW/hIiwYuaNNWwtqJ5rFynEhrShb3P7WE7dAMdNcio=
=Qn0o
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili izvršavanje proizvoljnog programskog...

Close