• [SECURITY] [DSA 4418-1] dovecot security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Mar 28 21:10:01 2019
    From: [email protected]

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4418-1                   [email protected]
    https://www.debian.org/security/                     Salvatore Bonaccorso
    March 28, 2019                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : dovecot
    CVE ID : CVE-2019-7524

    A vulnerability was discovered in the Dovecot email server. When reading
    FTS or POP3-UIDL headers from the Dovecot index, the input buffer size
    is not bounds-checked. An attacker with the ability to modify dovecot
    indexes can take advantage of this flaw for privilege escalation or the
    execution of arbitrary code with the permissions of the dovecot user.
    Only installations using the FTS or pop3 migration plugins are affected.

    For the stable distribution (stretch), this problem has been fixed in
    version 1:2.2.27-3+deb9u4.

    We recommend that you upgrade your dovecot packages.

    For the detailed security status of dovecot please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/dovecot

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
