[SECURITY] [DLA 1667-1] dovecot security update

2019-02-07T17:22:08
ID DEBIAN:DLA-1667-1:1A9F5
Type debian
Reporter Debian
Modified 2019-02-07T17:22:08

Description

Package        : dovecot
Version        : 1:2.2.13-12~deb8u5
CVE ID         : CVE-2019-3814

It was discovered that there was a vulnerability in the dovecot IMAP/POP3 server.

A flaw in the TLS username handling could lead to an attacker logging in as anyone else in the system if both auth_ssl_require_client_cert and auth_ssl_username_from_cert were enabled.

For Debian 8 "Jessie", this issue has been fixed in dovecot version 1:2.2.13-12~deb8u5.

We recommend that you upgrade your dovecot packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
   `-
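
The following check is an added example, not part of the original advisory or of Debian's or Dovecot's tooling: it reports whether a host has both settings named above enabled and whether the installed package is older than the fixed Jessie version. The function names, the output strings, and the choice of `dovecot-core` as the binary package to query are assumptions of this example.

```shell
#!/bin/sh
# Added example: exposure check for the condition described in DLA 1667-1.
# Fixed version for Debian 8 "Jessie", taken from the advisory text. It is
# only meaningful on Jessie; other releases have their own fixed versions.
FIXED_VERSION='1:2.2.13-12~deb8u5'

# setting_enabled NAME
# Reads "key = value" lines (doveconf output) on stdin and succeeds only if
# the last value given for NAME is "yes". A missing setting counts as "no",
# which matches Dovecot's default for both settings checked here.
setting_enabled() {
    awk -v key="$1" -F'=' '
        { k = $1; v = tolower($2); gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { last = v }
        END { exit (last == "yes" ? 0 : 1) }
    '
}

# cert_login_config
# Reads doveconf output on stdin and prints "affected-config" only when BOTH
# settings named in the advisory are enabled.
cert_login_config() {
    conf=$(cat)
    if printf '%s\n' "$conf" | setting_enabled auth_ssl_require_client_cert &&
       printf '%s\n' "$conf" | setting_enabled auth_ssl_username_from_cert; then
        echo affected-config
    else
        echo not-affected-config
    fi
}

# Live check: runs only where Dovecot and dpkg are present.
if command -v doveconf >/dev/null 2>&1 && command -v dpkg-query >/dev/null 2>&1; then
    # Assumption: dovecot-core is the installed binary package to inspect.
    installed=$(dpkg-query -W -f='${Version}' dovecot-core 2>/dev/null)
    state=$(doveconf auth_ssl_require_client_cert auth_ssl_username_from_cert |
            cert_login_config)
    if [ -z "$installed" ]; then
        echo "dovecot-core: not installed ($state)"
    elif dpkg --compare-versions "$installed" lt "$FIXED_VERSION"; then
        echo "dovecot-core $installed: older than $FIXED_VERSION ($state)"
    else
        echo "dovecot-core $installed: not older than $FIXED_VERSION ($state)"
    fi
fi
```

A host that reports both an older version and `affected-config` meets the conditions the advisory describes and should be upgraded first.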