oval:org.secpod.oval:def:51771
dovecot: IMAP and POP3 email server Details: USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the & ...
oval:org.secpod.oval:def:58859
dovecot: IMAP and POP3 email server Details: USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4110-1 introduced a regression in Dovecot.
oval:org.secpod.oval:def:602850
The Dovecot update issued as DSA-3828-1 introduced a regression, this update reverts the backported patch. Further analysis by the Dovecot team has shown that only versions starting from 2.2.26 are affected. For reference, the original advisory text follows. It was discovered that the Dovecot email ...
oval:org.secpod.oval:def:54109
dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file.
oval:org.secpod.oval:def:70319
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:701975
dovecot-core is installed
oval:org.secpod.oval:def:70209
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:70150
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:701941
dovecot: IMAP and POP3 email server Dovecot could be made to stop responding if it received specially crafted network traffic.
oval:org.secpod.oval:def:52214
dovecot: IMAP and POP3 email server Dovecot could be made to stop responding if it received specially crafted network traffic.
oval:org.secpod.oval:def:73704
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:704910
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:703563
dovecot: IMAP and POP3 email server Details: USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the & ...
oval:org.secpod.oval:def:703562
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.
oval:org.secpod.oval:def:51770
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.
oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:52070
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.
oval:org.secpod.oval:def:52006
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.
oval:org.secpod.oval:def:704179
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.
oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...
oval:org.secpod.oval:def:704861
dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file.
oval:org.secpod.oval:def:704485
dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:603628
halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in ...
oval:org.secpod.oval:def:51212
dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:603836
A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes can take advantage of this flaw for privilege escalation or the execution of ...
oval:org.secpod.oval:def:69746
Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input. A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution ...
oval:org.secpod.oval:def:604511
Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input. A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution ...
oval:org.secpod.oval:def:705150
dovecot: IMAP and POP3 email server Dovecot could be made to crash or execute arbitrary code if it received specially crafted data.
oval:org.secpod.oval:def:705152
dovecot: IMAP and POP3 email server Details: USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4110-1 introduced a regression in Dovecot.
oval:org.secpod.oval:def:58858
dovecot: IMAP and POP3 email server Dovecot could be made to crash or execute arbitrary code if it received specially crafted data.
oval:org.secpod.oval:def:707625
dovecot: IMAP and POP3 email server Dovecot could allow unintended access to network services.