[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2517-1] dovecot security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2517-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
January 05, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : dovecot
Version        : 1:2.2.27-3+deb9u7
CVE IDs        : CVE-2020-24386 & CVE-2020-25275

It was discovered that there were two issues in the Dovecot IMAP
server:

   * CVE-2020-24386: Prevent an issue where an attacker could cause
     Dovecot to discover file system directory structure and even
     access other users' emails using a pecially crafted command.

   * CVE-2020-25275: Prevent an issue where a malicious sender can
     crash Dovecot repeatedly by sending messages with more than
     10,000 MIME parts.

For Debian 9 "Stretch", these problems has been fixed in version
1:2.2.27-3+deb9u7 and we recommend that you upgrade your dovecot
packages.

For the detailed security status of dovecot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl/0lswACgkQHpU+J9Qx
HliPPBAAu1YmulL00EafxT2VKAb3+kZbkI5IKAh02Q64jvxU/5P1lPdwFAxpx4Gt
pq3+c72e8uSjYDe+fsRGl7zQtkPr11rNKHmbS3QMtscWmVb0IZj8+oggffAEdWjB
pzdoAvdrVgNsA3dF05p1UVHn/eCrslYWqTH91pbTaJA0WFDoP72EQLQm74Yjgao+
GUngy77IauVVC1QlzhI+efRgecE+Av5P8CM6ynv9EY6PUm98m7gAkT6Kocct2zsl
eLoUBiQVw97twG8PelqjC8SQ06TnE+VEO1otd+dXCr+Ju0BFWG0ha2g1GL/peFSD
y9Xt41smLbXWYLGQbd8gpD18/MugttkLtIbovlrnITtwYoZ3G+gZwmRD8FNI2Np0
2L0dUEEoi+j4sHJSs8rYpjfuIX3ir+UQj96N1mdUWmZ3swv60T5L4j4vRyBXLk3s
VP9vIBMdpzpOY85mDlTMBYrIQaCeXjRR05UlhcNHXCKt0oGlREW8tJ0KNX8KYxpn
U7BsGWOYJi8Ai5Cso7mcEOBGutzgFylPsnRFPLUmYmWxTdHhHezmZfbDqJHMgWyK
GcMqfFhcykV+MksxkuvktTgDigqbwP3W2Yr+x0rm1ED2NfR6rdzFKcI4UT7A7Iq9
mPGcxbd0ubuqIOZEMOCp8mPc9KvTMh34ld1IqXna28bohGaVfog=
=SJgY
-----END PGP SIGNATURE-----


Reply to: