
Mageia: 2021-0008 Critical: Dovecot Remote Access and DoS Issues

January 8, 2021
New Dovecot updates in Mageia address severe security vulnerabilities, including possible remote exploitation and Denial of Service threats.

Summary

It was discovered that Dovecot incorrectly handled certain IMAP hibernation commands. A remote authenticated attacker could possibly use this issue to access other users’ email (CVE-2020-24386).
Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service (CVE-2020-25275).
The dovecot package has been updated to version 2.3.13, fixing these issues and other bugs. See the upstream release announcement for details.

References

- https://bugs.mageia.org/show_bug.cgi?id=28012

- https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html

- https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html

- https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html

- https://ubuntu.com/security/notices/USN-4674-1

- https://www.cve.org/CVERecord?id=CVE-2020-24386

- https://www.cve.org/CVERecord?id=CVE-2020-25275

Resolution

SRPMS

- 7/core/dovecot-2.3.13-1.mga7
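
To confirm that a host runs the fixed release, the following added example (not part of the Mageia advisory) compares a Dovecot version string against 2.3.13. The function names are hypothetical, and `sort -V` assumes GNU coreutils or a compatible `sort`.

```shell
#!/bin/sh
# Added example: check a Dovecot version string against 2.3.13, the fixed
# release named in this advisory. Function names are hypothetical.

FIXED="2.3.13"

# Reduce "2.3.13 (89f716dc2)" or "2.3.13-1.mga7" to the upstream "2.3.13".
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/[[:space:]].*$//' -e 's/-.*$//'
}

# Return 0 if version $1 is >= $FIXED, 1 if older, 2 if it cannot be parsed.
is_fixed() {
    v=$(upstream_version "$1")
    case "$v" in
        ''|*[!0-9.]*) return 2 ;;   # empty or not a dotted number
    esac
    # Version-aware sort: the smaller of the two versions comes first.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Report on the locally installed Dovecot, if there is one.
check_local() {
    command -v dovecot >/dev/null 2>&1 || {
        echo "dovecot not found in PATH"
        return 0
    }
    installed=$(dovecot --version 2>/dev/null)
    if is_fixed "$installed"; then
        echo "OK: dovecot $installed is at or above $FIXED"
    else
        echo "UPDATE NEEDED: dovecot $installed is older than $FIXED or unparsable"
        return 1
    fi
}

check_local || true
```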

Severity
critical

Publication date: 08 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0008.html
Type: security
CVE: CVE-2020-24386, CVE-2020-25275
