2 matches found
SUSE CVE-2011-4318
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name CN of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers...
dovecot security and bug fix update
1:2.0.9-5 - script-login did not drop privileges correctly 709095 - fix directory traversal due to not obeying chroot directive 709097 - check proxy destination host against SSL certificate name 754980 1:2.0.9-4 - dovecot may not set correct premissions for mail folder 697620 1:2.0.9-3 - fix...