Mageia: 2019-0072 Moderate: Dovecot Trust Issue for Usernames
mageia
February 13, 2019
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenl...
Summary
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
References
- https://bugs.mageia.org/show_bug.cgi?id=24314
- https://dovecot.org/list/dovecot-news/2019-February/000393.html
- https://www.openwall.com/lists/oss-security/2019/02/05/1
- https://lists.debian.org/debian-security-announce/2019/msg00024.html
- https://www.cve.org/CVERecord?id=CVE-2019-3814
Topics Covered
Resolution
SRPMS
- 6/core/dovecot-2.2.36.1-1.mga6
PREVIOUS
NEXT
Publication date: 13 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0072.html
Type: security
CVE: CVE-2019-3814
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!