advisories/24588.adv

type: security
subject: Updated dovecot packages fix security vulnerability
CVE:
 - CVE-2019-7524
src:
  6:
   core:
     - dovecot-2.2.36.3-1.mga6
description: |
  CVE-2019-7524: Missing input buffer size validation leads into arbitrary
  buffer overflow when reading fts or pop3 uidl header from Dovecot index.
  Exploiting this requires direct write access to the index files.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24588
 - https://nvd.nist.gov/vuln/detail/CVE-2019-7524
 - https://www.dovecot.org/list/dovecot-news/2019-March/000402.html
ID: MGASA-2019-0141
1	type: security
2	subject: Updated dovecot packages fix security vulnerability
3	CVE:
4	- CVE-2019-7524
5	src:
6	6:
7	core:
8	- dovecot-2.2.36.3-1.mga6
9	description: \|
10	CVE-2019-7524: Missing input buffer size validation leads into arbitrary
11	buffer overflow when reading fts or pop3 uidl header from Dovecot index.
12	Exploiting this requires direct write access to the index files.
13	references:
14	- https://bugs.mageia.org/show_bug.cgi?id=24588
15	- https://nvd.nist.gov/vuln/detail/CVE-2019-7524
16	- https://www.dovecot.org/list/dovecot-news/2019-March/000402.html
17	ID: MGASA-2019-0141