dovecot security update

2019-09-27T12:11:33
ID CESA-2019:2885
Type centos
Reporter CentOS Project
Modified 2019-09-27T12:11:33

Description

CentOS Errata and Security Advisory CESA-2019:2885

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

  • dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2019-September/035491.html

Affected packages: dovecot dovecot-devel dovecot-mysql dovecot-pgsql dovecot-pigeonhole

Upstream details at: