Parent Directory | Revision Log
MGASA-2020-0330: dovecot-2.3.11.3-1.mga7
1 | type: security |
2 | subject: Updated dovecot packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2020-12100 |
5 | - CVE-2020-12673 |
6 | - CVE-2020-12674 |
7 | src: |
8 | 7: |
9 | core: |
10 | - dovecot-2.3.11.3-1.mga7 |
11 | description: | |
12 | CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource |
13 | exhaustion as Dovecot attempts to parse it. |
14 | CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message |
15 | buffer size, which leads to reading past allocation which can lead to crash. |
16 | CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length |
17 | message, which leads to assert-crash later on. |
18 | references: |
19 | - https://bugs.mageia.org/show_bug.cgi?id=27099 |
20 | - https://dovecot.org/pipermail/dovecot-news/2020-August/000441.html |
21 | - https://dovecot.org/pipermail/dovecot-news/2020-August/000442.html |
22 | - https://dovecot.org/pipermail/dovecot-news/2020-August/000443.html |
23 | ID: MGASA-2020-0330 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |