Fix of CVE: CVE-2020-25275, CVE-2020-12100

🗓️ 18 Oct 2021 16:15:45Reported by CloudLinuxType

cloudlinux

cloudlinux🔗 repo.cloudlinux.com👁 37 Views

Fix of two CVEs for resource exhaustion and denial of service via MIME parsin

Reporter	Title	Published	Views	Family All 210
0day.today	Dovecot 2.3.11.3 Denial Of Service Vulnerability	7 Jan 202100:00	–	zdt
ALT Linux	Security fix for the ALT Linux 9 package dovecot version 2.3.11.3-alt1	7 Dec 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package dovecot version 2.3.13-alt1	18 Jan 202100:00	–	altlinux
FreeBSD	mail/dovecot -- multiple vulnerabilities	23 Apr 202000:00	–	freebsd
FreeBSD	mail/dovecot -- multiple vulnerabilities	17 Aug 202000:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : dovecot (ALAS-2020-1489)	17 Sep 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : dovecot (ALAS-2020-1435)	28 Oct 202000:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0115: dovecot (ALINUX3-SA-2022:0115)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : dovecot (ALSA-2021:1887)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : dovecot (CESA-2020:3713)	1 Feb 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Centos	6	x86_64	dovecot-pigeonhole	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	dovecot-mysql	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	dovecot-pgsql	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm
Centos	6	i686	dovecot	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm
Centos	6	i686	dovecot-devel	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	dovecot-devel	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	dovecot	2.0.9	dovecot-2.0.9-23.el6.cloudlinux.els.src.rpm

Source	Link
errata	www.errata.cloudlinux.com/els6/CLSA-2021-1634573745.html

18 Oct 2021 16:15Current

3.7Low risk

Vulners AI Score3.7

CVSS 25

CVSS 3.17.5

EPSS0.19614

cve-2020-25275 resource exhaustion denial of service mime parsing unix