20 matches found
RHSA-2026:19453 Red Hat Security Advisory: dovecot security update
Bulletin has no description...
RHSA-2026:19149 Red Hat Security Advisory: dovecot security update
Bulletin has no description...
RLSA-2026:13830 Important: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
Medium: dovecot
Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23184 Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Affected Packages: dovecot Issue...
[SECURITY] [DLA 3860-1] dovecot security update
Debian LTS Advisory DLA-3860-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin September 02, 2024 https://wiki.debian.org/LTS Package : dovecot Version : 1:2.3.13+dfsg1-2+deb11u2 CVE ID : CVE-2024-23184 CVE-2024-23185 Debian Bug : 1078876 1078877 Vulnerabilities we...
MGASA-2022-0296 Updated dovecot packages fix security vulnerability
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...
OPENSUSE-SU-2021:1225-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
OPENSUSE-SU-2021:2892-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
SUSE-SU-2021:2892-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
SUSE-SU-2021:2891-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
MGASA-2021-0008 Updated dovecot packages fix security vulnerabilities
It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email CVE-2020-24386. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could...
SUSE-SU-2021:0029-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...
SUSE-SU-2021:0027-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...
MGASA-2020-0330 Updated dovecot packages fix security vulnerability
CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674:...
[SECURITY] [DSA 4690-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4690-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2020 https://www.debian.org/security/faq -...
MGASA-2019-0141 Updated dovecot packages fix security vulnerability
CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files...
DSA-4385-1 dovecot - security update
Bulletin has no description...
[SECURITY] [DLA 1333-1] dovecot security update
Package : dovecot Version : 1:2.1.7-7+deb7u2 CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco...
[ MDVSA-2010:217 ] dovecot
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:217 http://www.mandriva.com/security/ Package : dovecot Date : October 30, 2010 Affected: 2010.0, 2010.1 Problem Description: Multiple vulnerabilities was discovered and corrected in dovecot: Dovecot 1.2.x...
BSA-006 Security Update for dovecot
Marco Nenciarini uploaded new packages for dovecot which fixed the following security problems: CVE-2010-3706 plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instea...