ELSA-2019-3467 -- Oracle dovecotID: oval:org.secpod.oval:def:1504508 | Date: (C)2021-01-10 (M)2023-12-20 |
Class: PATCH | Family: unix |
[1:2.2.36-10] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes [1:2.2.36-9] - reset errno before iterating through users [1:2.2.36-8] - fix CVE-2019-3814: improper certificate validation [1:2.2.36-7] - do not print error message when restorecon is not present during install - change default config to use minimal UID = 1000 [1:2.2.36-6] - use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled