Download
| Alert*
oval:org.secpod.oval:def:89045606
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 : Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. ... oval:org.secpod.oval:def:89045569 This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 : Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. ... oval:org.secpod.oval:def:89045056 This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails - CVE-2021-33515: Attacker can potentially steal user credentials and mails oval:org.secpod.oval:def:89045064 This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails - CVE-2021-33515: Attacker can potentially steal user credentials and mails oval:org.secpod.oval:def:120414 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:120415 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:706054 dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot. oval:org.secpod.oval:def:89047138 This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails - CVE-2021-33515: Attacker can potentially steal user credentials and mails oval:org.secpod.oval:def:89047140 This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 : Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. ... |