Download
| Alert*
|
oval:org.secpod.oval:def:89050780
This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel . - CVE-2019-11494: Fixed a denial of service if th ... oval:org.secpod.oval:def:1801472 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801430 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801428 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:116838 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:116759 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. |
