629 matches found

Oracle linux
added 2020/09/03 12:0 a.m., 28 views

dovecot security update

1:2.2.36-6.1
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts 1871841
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation 1871843
- fix CVE-2020-12674 crash due to assert in RPA implementation 1871842...

7.5 CVSS, 2.4 AI score, 0.25804 EPSS
Exploits: 4
Tenable Nessus
added 2020/09/03 12:0 a.m., 22 views

RHEL 7 : dovecot (RHSA-2020:3617)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3617 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5 CVSS, 6.9 AI score, 0.25804 EPSS
Exploits: 4, References: 8
Talos
added 2020/08/26 12:0 a.m., 28 views

atftpd daemon Denial of Service Vulnerability

Summary: An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests triggers an assert call resulting in denial-of-service. An attacker can send a sequence of malicious packets to...

7.5 CVSS, 7.5 AI score, 0.00288 EPSS
Exploits: 1
Hacker One
added 2020/08/24 1:29 p.m., 67 views

Open-Xchange: Assert failed in `edit_mail_istream_read`

To reproduce, run test suite on following input : require "vnd.dovecot.testsuite"; require "variables"; require "editheader"; testset "message" "$mege"; test "" addheader :last "der" "Her-3"; if not testresultexecute Output is with ASAN enabled stack trace testsuite: Panic: file edit-mail.c: line...

1.2 AI score
Exploits: 0
Tenable Nessus
added 2020/08/14 12:0 a.m., 29 views

FreeBSD : mail/dovecot -- multiple vulnerabilities (87a07de1-e55e-4d51-bb64-8d117829a26a)

Aki Tuomi reports : Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...

7.5 CVSS, 6.6 AI score, 0.25804 EPSS
Exploits: 7, References: 6
Tenable Nessus
added 2020/08/07 12:0 a.m., 277 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

8.3 CVSS, 6.6 AI score, 0.01018 EPSS
Exploits: 0, References: 18
OpenVAS
added 2020/07/14 12:0 a.m., 20 views

openSUSE: Security Advisory for nasm (openSUSE-SU-2020:0952-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS, 7 AI score, 0.01508 EPSS
Exploits: 14, References: 2
OPENSUSE Linux
added 2020/07/06 12:0 a.m., 75 views

Security update for rust, rust-cbindgen (moderate)

openSUSE Security Update: Security update for rust, rust-cbindgen Announcement ID: openSUSE-SU-2020:0933-1 Rating: moderate References: 1115645 1154817 1173202 Cross-References: CVE-2020-1967 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now...

7.5 CVSS, 6.6 AI score, 0.60769 EPSS
Exploits: 2, References: 3
NVD
added 2020/06/02 3:15 p.m., 12 views

CVE-2020-3645

Firmware will hit assert in WLAN firmware if encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

7.8 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits: 0, References: 1
Prion
added 2020/06/02 3:15 p.m., 23 views

Code injection

Firmware will hit assert in WLAN firmware if encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

7.8 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits: 0, References: 1
Cvelist
added 2020/06/02 3:5 p.m., 19 views

CVE-2020-3645

Firmware will hit assert in WLAN firmware if encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

7.7 AI score, 0.00369 EPSS
Exploits: 0, References: 1
CVE
added 2020/06/02 3:5 p.m., 59 views

CVE-2020-3645

CVE-2020-3645 affects Qualcomm/Qualcomm-based WLAN firmware used across Snapdragon Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, and related SoCs (e.g., IPQ6018, IPQ8074, Kamorta, Nicobar, QCA63xx, QCN7xxx, SC7xxx, SDM8xx, SXR1x0, etc.). The vulne...

7.8 CVSS, 7.7 AI score, 0.00369 EPSS
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2020/04/29 11:37 p.m., 26 views

Denial Of Service (DoS)

Eclipse Mosquitto is vulnerable to denial of service (DoS). It is possible when a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, leading to an unreachable assert and quitting the Mosquitto...

7.5 CVSS, 2 AI score, 0.02456 EPSS
Exploits: 0, References: 1
OpenVAS
added 2020/01/23 12:0 a.m., 38 views

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-1405)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

9 CVSS, 7.9 AI score, 0.11739 EPSS
Exploits: 8, References: 2
OSV
added 2019/12/30 6:15 p.m., 1 views

UBUNTU-CVE-2019-13465

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not...

8.6 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 4
Cvelist
added 2019/11/13 7:12 p.m., 15 views

CVE-2019-18844

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failu...

7.4 AI score, 0.00537 EPSS
Exploits: 0, References: 5
OSV
added 2019/10/09 4:15 p.m., 18 views

CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of...

5.9 CVSS, 6.5 AI score, 0.0139 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/10/07 12:0 a.m., 34 views

openSUSE Security Update : bind (openSUSE-2019-2265)

This update for bind fixes the following issues : Security issue fixed : - CVE-2019-6471: Fixed a reachable assert in dispatch.c. bsc1138687 Non-security issue fixed : - bind will no longer rely on /etc/insserv.conf bsc1118367, bsc1118368 This update was imported from the SUSE:SLE-15:Update updat...

5.9 CVSS, 6.4 AI score, 0.0139 EPSS
Exploits: 0, References: 4
OSV
added 2019/09/05 10:15 p.m., 0 views

CVE-2019-2174

In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS, 5.9 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2019/09/05 12:0 a.m., 45 views

Debian DSA-4514-1 : varnish - security update

Alf-Andre Walla discovered a remotely triggerable assert in the Varnish web accelerator; sending a malformed HTTP request could result in denial of service. The oldstable distribution (stretch) is not affected. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

7.8 CVSS, 7.2 AI score, 0.07699 EPSS
Exploits: 0, References: 4