Debian 9 DLA-2328-1 Critical: Dovecot Email Server Security Issues
debian lts
August 15, 2020
Several vulnerabilities have been discovered in the Dovecot email server
Summary
Receiving mail with deeply nested MIME parts leads to resource
exhaustion as Dovecot attempts to parse it.
CVE-2020-12673
Dovecot's NTLM implementation does not correctly check message
buffer size, which leads to a crash when reading past allocation.
CVE-2020-12674
Dovecot's RPA mechanism implementation accepts zero-length message,
which leads to assert-crash later on.
For Debian 9 stretch, these problems have been fixed in version
1:2.2.27-3+deb9u6.
We recommend that you upgrade your dovecot packages.
For the detailed security status of dovecot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/dovecot
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
-------------------------------------------------------------------------Package: dovecot
Version: 1:2.2.27-3+deb9u6
CVE ID: CVE-2020-12100 CVE-2020-12673 CVE-2020-12674
Debian Bug: 968302
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!