SUSE-SU-2021:2890-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...

OPENSUSE-SU-2021:2123-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails bsc1187418 - CVE-2021-33515: Attacker can potentially steal user credentials and mails bsc1187419...

OPENSUSE-SU-2021:0072-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...

OPENSUSE-SU-2021:0026-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...

SUSE-SU-2020:2267-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size bsc1174922. - CVE-2020-12674: improper implementation of RPA mechanism bsc1174923...

SUSE-SU-2020:1379-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-10957: Fixed a crash caused by malformed NOOP commands bsc1171457. - CVE-2020-10958: Fixed a use-after-free when receiving too many newlines bsc1171458. - CVE-2020-10967: Fixed a crash in the lmtp and submissi...