Lucene search

DebianDEBIAN:DLA-1667-1:1A9F5

HistoryFeb 07, 2019 - 5:14 p.m.

[SECURITY] [DLA 1667-1] dovecot security update

2019-02-0717:14:15

lists.debian.org

144

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.3%

JSON

Package : dovecot
Version : 1:2.2.13-12~deb8u5
CVE ID : CVE-2019-3814

It was discovered that there was a vulnerability in the dovecot
IMAP/POP3 server.

A flaw in the TLS username handling could lead to an attacker
logging in as anyone else in the system if both
auth_ssl_{require_client,username_from}_cert were enabled.

For Debian 8 "Jessie", this issue has been fixed in dovecot version
1:2.2.13-12~deb8u5.

We recommend that you upgrade your dovecot packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] 🍥 chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian9mipseldovecot-managesieved< 1:2.2.27-3+deb9u3dovecot-managesieved_1:2.2.27-3+deb9u3_mipsel.deb
Debian9mipseldovecot-mysql< 1:2.2.27-3+deb9u3dovecot-mysql_1:2.2.27-3+deb9u3_mipsel.deb
Debian9ppc64eldovecot-gssapi< 1:2.2.27-3+deb9u3dovecot-gssapi_1:2.2.27-3+deb9u3_ppc64el.deb
Debian9ppc64eldovecot-lucene< 1:2.2.27-3+deb9u3dovecot-lucene_1:2.2.27-3+deb9u3_ppc64el.deb
Debian9armhfdovecot-gssapi< 1:2.2.27-3+deb9u3dovecot-gssapi_1:2.2.27-3+deb9u3_armhf.deb
Debian9amd64dovecot-pop3d< 1:2.2.27-3+deb9u3dovecot-pop3d_1:2.2.27-3+deb9u3_amd64.deb
Debian8amd64dovecot-mysql< 1:2.2.13-12~deb8u5dovecot-mysql_1:2.2.13-12~deb8u5_amd64.deb
Debian9mipsdovecot-solr< 1:2.2.27-3+deb9u3dovecot-solr_1:2.2.27-3+deb9u3_mips.deb
Debian9armeldovecot-dbg< 1:2.2.27-3+deb9u3dovecot-dbg_1:2.2.27-3+deb9u3_armel.deb
Debian8armeldovecot-core< 1:2.2.13-12~deb8u5dovecot-core_1:2.2.13-12~deb8u5_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mipsel	dovecot-managesieved	< 1:2.2.27-3+deb9u3	dovecot-managesieved_1:2.2.27-3+deb9u3_mipsel.deb
Debian	9	mipsel	dovecot-mysql	< 1:2.2.27-3+deb9u3	dovecot-mysql_1:2.2.27-3+deb9u3_mipsel.deb
Debian	9	ppc64el	dovecot-gssapi	< 1:2.2.27-3+deb9u3	dovecot-gssapi_1:2.2.27-3+deb9u3_ppc64el.deb
Debian	9	ppc64el	dovecot-lucene	< 1:2.2.27-3+deb9u3	dovecot-lucene_1:2.2.27-3+deb9u3_ppc64el.deb
Debian	9	armhf	dovecot-gssapi	< 1:2.2.27-3+deb9u3	dovecot-gssapi_1:2.2.27-3+deb9u3_armhf.deb
Debian	9	amd64	dovecot-pop3d	< 1:2.2.27-3+deb9u3	dovecot-pop3d_1:2.2.27-3+deb9u3_amd64.deb
Debian	8	amd64	dovecot-mysql	< 1:2.2.13-12~deb8u5	dovecot-mysql_1:2.2.13-12~deb8u5_amd64.deb
Debian	9	mips	dovecot-solr	< 1:2.2.27-3+deb9u3	dovecot-solr_1:2.2.27-3+deb9u3_mips.deb
Debian	9	armel	dovecot-dbg	< 1:2.2.27-3+deb9u3	dovecot-dbg_1:2.2.27-3+deb9u3_armel.deb
Debian	8	armel	dovecot-core	< 1:2.2.13-12~deb8u5	dovecot-core_1:2.2.13-12~deb8u5_armel.deb