[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1667-1] dovecot security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : dovecot
Version        : 1:2.2.13-12~deb8u5
CVE ID         : CVE-2019-3814

It was discovered that there was a vulnerability in the dovecot
IMAP/POP3 server.

A flaw in the TLS username handling could lead to an attacker
logging in as anyone else in the system if both
auth_ssl_{require_client,username_from}_cert were enabled.

For Debian 8 "Jessie", this issue has been fixed in dovecot version
1:2.2.13-12~deb8u5.

We recommend that you upgrade your dovecot packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxcZvAACgkQHpU+J9Qx
Hljjnw//cuBph+QmqAJ+sPiyv3enpJbbLjjQmkWC5XCEcWoNxFxH6nt9y6BjLusu
Cw5Ah6GxVujZvfw1gu0XsUu4p/6ghHLYz4dOC1otdi/1m6Mk6CbylpSOlo43n0R9
wsDp29i4FoLQdz9UwSaE7ErnMAXGI5hCmRRXnaaW2A8OxITCXy80qHjK0/icZi8r
rn9DnbtEwkt//kPdPRS/SHq7o7Gd+VFTIUSniS4PquYMZnG28QJNkRwSOzHhC51f
75DRkb23+C65605OLhLAMncqwWPrwixI7LXqMknrSsBQ+nhkanAVrXlrH1N+y86U
6Eim/XNm4mSK9RACe4TMLB1UE633bln4lveJsvBNU6WwDqSIm2aehsNOEx+46euv
3hCLZVXQkpuYwxGmSDz2Dvvt9cNIwbWGUrOC8KsKOtBxytBMA2qXOzdeCoJcfTe4
XIjelTZ0FinE/zqMO6o+GLKTSIqxXUUVh+Vfu0fqLw/bFL4JHnXHgnzD/bFN0v0o
iUZhz3h7M8csl5seZTdh9p6vM6yNti3aDKZA1kfW+JCXzB8WjOKDx9YiCt8+8uDG
ilbamJSo2dMpX+DPZsCDGSemkvPUSCoOH8QYPNx+63g78Kg3z9w51kMNQfwNZC6M
dkDO4V4p4dRN5nurvC4/wrjOXNEzvTCiB4NnIgWIFIFzGk8kWMY=
=PLha
-----END PGP SIGNATURE-----
Reply to: