
[SECURITY] [DLA 1736-1] dovecot security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : dovecot
Version        : 1:2.2.13-12~deb8u6
CVE ID         : CVE-2019-7524

A security vulnerability was discovered in the Dovecot email server.
When reading FTS headers from the Dovecot index, the input buffer
size is not bounds-checked. An attacker with the ability to modify
Dovecot indexes can take advantage of this flaw for privilege
escalation or the execution of arbitrary code with the permissions of
the dovecot user. Only installations using the FTS plugins are affected.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.2.13-12~deb8u6.

We recommend that you upgrade your dovecot packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

