Lucene search

K
oraclelinuxOracleLinuxELSA-2020-4763
HistoryNov 10, 2020 - 12:00 a.m.

dovecot security update

2020-11-1000:00:00
linux.oracle.com
22
security update
dovecot
cve-2020-12100
mime parts
cve-2020-12673
ntlm implementation
cve-2020-12674
rpa implementation
cve-2020-10957
noop commands
dos
cve-2020-10958
use-after-free
cve-2020-10967
empty quoted localpart

EPSS

0.041

Percentile

92.3%

[1:2.3.8-4]

  • fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
  • fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
  • fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
    [1:2.3.8-3]
  • fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
  • fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
    leads to use-after-free (#1840357)
  • fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
    leads to DoS (#1840356)