Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 125 articles for you...
202

openSUSE: 2025:14715-1 moderate: dovecot24 package security update

An update that solves 24 vulnerabilities can now be installed.. # dovecot24-2.4.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14715-1 Rating: moderate Cross-References: * CVE-2017-14461 * CVE-2017-15130 * CVE-2017-15132 * CVE-2019-10691 * CVE-2019-11494 * CVE-2019-11499 * CVE-2019-11500 * CVE-2019-19722 * CVE-2019-3814 * CVE-2019-7524 * CVE-2020-10957 * CVE-2020-10958 * CVE-2020-10967 * CVE-2020-12100 * CVE-2020-12673 * CVE-2020-12674 * CVE-2020-24386 * CVE-2020-28200 * CVE-2020-7046 * CVE-2020-7957 * CVE-2021-29157 * CVE-2021-33515 * CVE-2024-23184 * CVE-2024-23185 CVSS scores: * CVE-2017-14461 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2017-15130 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2017-15132 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2019-10691 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2019-11500 ( SUSE ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2019-3814 ( SUSE ): 8.2 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2019-7524 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2020-10957 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-10958 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2020-10967 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2020-12100 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-12673 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-12674 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-24386 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2020-28200 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2021-29157 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2021-33515 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-23184 ( SUSE ): 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2024-23184 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L * CVE-2024-23185 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2024-23185 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H Affected Products: * openSUSE Tumbleweed An update that solves 24 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the dovecot24-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * dovecot24 2.4.0-1.1 * dovecot24-backend-mysql 2.4.0-1.1 * dovecot24-backend-pgsql 2.4.0-1.1 * dovecot24-backend-sqlite 2.4.0-1.1 * dovecot24-devel 2.4.0-1.1 * dovecot24-fts 2.4.0-1.1 * dovecot24-fts-flatcurve 2.4.0-1.1 * dovecot24-fts-solr 2.4.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2017-14461.html * https://www.suse.com/security/cve/CVE-2017-15130.html * https://www.suse.com/security/cve/CVE-2017-15132.html * https://www.suse.com/security/cve/CVE-2019-10691.html * https://www.suse.com/security/cve/CVE-2019-11494.html * https://www.suse.com/security/cve/CVE-2019-11499.html * https://www.suse.com/security/cve/CVE-2019-11500.html * https://www.suse.com/security/cve/CVE-2019-19722.html * https://www.suse.com/security/cve/CVE-2019-3814.html * https://www.suse.com/security/cve/CVE-2019-7524.html * https://www.suse.com/security/cve/CVE-2020-10957.html * https://www.suse.com/security/cve/CVE-2020-10958.html * https://www.suse.com/security/cve/CVE-2020-10967.html * https://www.suse.com/security/cve/CVE-2020-12100.html * https://www.suse.com/security/cve/CVE-2020-12673.html * https://www.suse.com/security/cve/CVE-2020-12674.html * https://www.suse.com/security/cve/CVE-2020-24386.html * https://www.suse.com/security/cve/CVE-2020-28200.html * https://www.suse.com/security/cve/CVE-2020-7046.html *https://www.suse.com/security/cve/CVE-2020-7957.html * https://www.suse.com/security/cve/CVE-2021-29157.html * https://www.suse.com/security/cve/CVE-2021-33515.html * https://www.suse.com/security/cve/CVE-2024-23184.html * https://www.suse.com/security/cve/CVE-2024-23185.html . A new release for dovecot24-2.4.0-1.1 in openSUSE resolves several security vulnerabilities classified with a moderate severity level.. dovecot24, openSUSE, security update, software vulnerabilities, moderate severity. . LinuxSecurity.com Team

Calendar%202 Jan 31, 2025 OpenSUSE
217

Oracle Linux 8 ELSA-2024-6973: Moderate Dovecot Updates for DoS Issues

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-6973 http://linux.oracle.com/errata/ELSA-2024-6973.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: dovecot-2.3.16-6.el8_10.x86_64.rpm dovecot-mysql-2.3.16-6.el8_10.x86_64.rpm dovecot-pgsql-2.3.16-6.el8_10.x86_64.rpm dovecot-pigeonhole-2.3.16-6.el8_10.x86_64.rpm dovecot-2.3.16-6.el8_10.i686.rpm dovecot-devel-2.3.16-6.el8_10.i686.rpm dovecot-devel-2.3.16-6.el8_10.x86_64.rpm aarch64: dovecot-2.3.16-6.el8_10.aarch64.rpm dovecot-mysql-2.3.16-6.el8_10.aarch64.rpm dovecot-pgsql-2.3.16-6.el8_10.aarch64.rpm dovecot-pigeonhole-2.3.16-6.el8_10.aarch64.rpm dovecot-devel-2.3.16-6.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//dovecot-2.3.16-6.el8_10.src.rpm Related CVEs: CVE-2024-23184 CVE-2024-23185 Description of changes: [1:2.3.16-6] - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2024-7134 encompasses Postfix enhancements aimed at addressing vulnerabilities related to unauthorized access and performance degradation.. Oracle Linux, ELSA-2024-6973, dovecot, security updates, denial of service. . LinuxSecurity.com Team

Calendar%202 Sep 27, 2024 Oracle
219

Rocky Linux 9 RLSA-2024:6529 Moderate: Dovecot Denial Of Service

Moderate: dovecot security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:6529", "synopsis": "Moderate: dovecot security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for dovecot.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. \n\nSecurity Fix(es):\n\n* dovecot: using a large number of address headers may trigger a denial of service (CVE-2024-23184)\n\n* dovecot: very large headers can cause resource exhaustion when parsing message (CVE-2024-23185)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2305909", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2305909", "description": ""}, {"ticket": "2305910", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2305910", "description": ""}], "cves": [{"name": "CVE-2024-23184", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-23184", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-23185", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-23185", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-09-17T00:55:55.661497Z", "rpms": {"Rocky Linux 9": {"nvras": ["dovecot-1:2.3.16-11.el9_4.1.aarch64.rpm","dovecot-1:2.3.16-11.el9_4.1.i686.rpm", "dovecot-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-1:2.3.16-11.el9_4.1.src.rpm", "dovecot-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-debuginfo-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-debuginfo-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-debuginfo-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-debuginfo-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-debugsource-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-debugsource-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-debugsource-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-debugsource-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-devel-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-devel-1:2.3.16-11.el9_4.1.i686.rpm", "dovecot-devel-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-devel-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-devel-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-mysql-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-mysql-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-mysql-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-mysql-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-mysql-debuginfo-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-mysql-debuginfo-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-mysql-debuginfo-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-mysql-debuginfo-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-pgsql-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-pgsql-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-pgsql-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-pgsql-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-pigeonhole-1:2.3.16-11.el9_4.1.aarch64.rpm", "dovecot-pigeonhole-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-pigeonhole-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-pigeonhole-1:2.3.16-11.el9_4.1.x86_64.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-11.el9_4.1.aarch64.rpm","dovecot-pigeonhole-debuginfo-1:2.3.16-11.el9_4.1.ppc64le.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-11.el9_4.1.s390x.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-11.el9_4.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A new Dovecot release has been issued for Rocky Linux, enhancing security measures and tackling issues of moderate severity.. Dovecot Security, Rocky Linux Update, IMAP Server Issues. . LinuxSecurity.com Team

Calendar%202 Sep 17, 2024 Rocky Linux
100

SUSE: 2024:3118-1 Important: Dovecot23 Denial of Service Fix

* bsc#1229183 * bsc#1229184 Cross-References: * CVE-2024-23184 . # Security update for dovecot23 Announcement ID: SUSE-SU-2024:3118-1 Rating: important References: * bsc#1229183 * bsc#1229184 Cross-References: * CVE-2024-23184 * CVE-2024-23185 CVSS scores: * CVE-2024-23184 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L * CVE-2024-23184 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2024-23185 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2024-23185 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 * Server Applications Module 15-SP5 * Server Applications Module 15-SP6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux EnterpriseServer for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for dovecot23 fixes the following issues: * CVE-2024-23185: Fixed a denial of service with large headers (bsc#1229183) * CVE-2024-23184: Fixed a denial of service parsing messages containing many address headers (bsc#1229184) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3118=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3118=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3118=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3118=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3118=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3118=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3118=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3118=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3118=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3118=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3118=1 * SUSE Linux Enterprise Server for SAPApplications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3118=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3118=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3118=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3118=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-3118=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3118=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-3118=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 *dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 *dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 *dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 *dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 *dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 *dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 *dovecot23-fts-2.3.15-150200.65.1 * SUSE Manager Proxy 4.3 (x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1 * dovecot23-fts-lucene-2.3.15-150200.65.1 * dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1 * dovecot23-devel-2.3.15-150200.65.1 * dovecot23-debuginfo-2.3.15-150200.65.1 * dovecot23-debugsource-2.3.15-150200.65.1 * dovecot23-backend-mysql-2.3.15-150200.65.1 * dovecot23-fts-squat-2.3.15-150200.65.1 * dovecot23-fts-solr-2.3.15-150200.65.1 * dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1 * dovecot23-2.3.15-150200.65.1 * dovecot23-fts-debuginfo-2.3.15-150200.65.1 * dovecot23-backend-sqlite-2.3.15-150200.65.1 * dovecot23-backend-pgsql-2.3.15-150200.65.1 * dovecot23-fts-2.3.15-150200.65.1 ## References: * https://www.suse.com/security/cve/CVE-2024-23184.html * https://www.suse.com/security/cve/CVE-2024-23185.html * https://bugzilla.suse.com/show_bug.cgi?id=1229183 * https://bugzilla.suse.com/show_bug.cgi?id=1229184 . SUSE has issued a significant security update for dovecot23, focusing on resolving denial of servicevulnerabilities with essential patches.. SUSE Dovecot Security Update, Dovecot Denial of Service, SUSE Patch Instructions. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 03, 2024 Important SuSE
197

Debian 11 DLA-3860-1 Critical: Dovecot Denial of Service Issues

Vulnerabilities were discovered in dovecot, an POP3/IMAP server, which could lead to Denial of Service. CVE-2024-23184 . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3860-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin September 02, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : dovecot Version : 1:2.3.13+dfsg1-2+deb11u2 CVE ID : CVE-2024-23184 CVE-2024-23185 Debian Bug : 1078876 1078877 Vulnerabilities were discovered in dovecot, an POP3/IMAP server, which could lead to Denial of Service. CVE-2024-23184 Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. CVE-2024-23185 Very large headers can cause resource exhaustion when parsing message. For Debian 11 bullseye, these problems have been fixed in version 1:2.3.13+dfsg1-2+deb11u2. We recommend that you upgrade your dovecot packages. For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dovecot Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-9400-1 issued with Dovecot patch for critical Denial of Service flaws, notably CVE-2024-23184.. Dovecot Security Advisory, Debian Updates, Denial of Service Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 02, 2024 Critical Debian LTS
89

Fedora 39 Dovecot Update: Excessive CPU Usage and Header Limits

CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ba5bb9f63a 2024-08-28 02:20:34.962027 -------------------------------------------------------------------------------- Name : dovecot Product : Fedora 39 Version : 2.3.21.1 Release : 1.fc39 URL : https://dovecot.org/ Summary : Secure imap and pop3 server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. -------------------------------------------------------------------------------- Update Information: CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 19 2024 Michal Hlavinka - 1:2.3.21.1-1 - updated to 2.3.21.1(2304907) * Wed Jul 17 2024 Fedora Release Engineering - 1:2.3.21-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8 - fix sieve crash when there are two missing optional scripts - Do not use deprecated OpenSSL v3 ENGINE API - Drop dependency on libstemmer on RHEL * Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7 - drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval * Wed Jan 31 2024 Pete Walter -1:2.3.21-6 - Rebuild for ICU 74 * Wed Jan 24 2024 Fedora Release Engineering - 1:2.3.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering - 1:2.3.21-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ba5bb9f63a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Notable Dovecot enhancements for Fedora 39 improving CPU load and constraints on email header dimensions. Update today to maintain security.. Dovecot Update, Fedora Security, Email Header Limits, CPU Mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 28, 2024 Important Fedora
99

Slackware 15.0: SSA:2024-227-01 Critical: Dovecot CPU Issue

New dovecot packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] dovecot (SSA:2024-227-01) New dovecot packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/dovecot-2.3.21.1-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: A large number of address headers in email resulted in excessive CPU usage. Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-23184 https://www.cve.org/CVERecord?id=CVE-2024-23185 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dovecot-2.3.21.1-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dovecot-2.3.21.1-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dovecot-2.3.21.1-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dovecot-2.3.21.1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: d794276c3fd3027c6359588acd4194b4 dovecot-2.3.21.1-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 234a9dd6ab876a5a042f0e0e023c30d7 dovecot-2.3.21.1-x86_64-1_slack15.0.txz Slackware -current package: 7d07927ffafb070680e2c6a8a3ad337b n/dovecot-2.3.21.1-i686-1.txz Slackware x86_64 -current package: c47edd47c6911715760cc7e65e8d1753 n/dovecot-2.3.21.1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg dovecot-2.3.21.1-i586-1_slack15.0.txz Then restart Dovecot if you are using it: # sh /etc/rc.d/rc.dovecot restart +-----+ . The updated Dovecot distributions for Slackware version 15.0 and -current address CPU performance problems linked to overly lengthy email headers.. Dovecot Packages, Slackware Security, CPU Usage Fix, Email Header Truncation. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 14, 2024 Critical Slackware
91

Gentoo: GLSA-202310-19 Normal: Dovecot Privilege Escalation Issue

A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dovecot: Privilege Escalation Date: October 30, 2023 Bugs: #856733 ID: 202310-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used. Background ========== Dovecot is an open source IMAP and POP3 email server. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------- -------------- net-mail/dovecot < 2.3.19.1-r1 > = 2.3.19.1-r1 Description =========== A vulnerability has been discovered in Dovecot. Please review the CVE identifier referenced below for details. Impact ====== When two passdb configuration entries exist in Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication. Dovecot documentation does not advise against the use of passdb definitions which have the same driver and args settings. One such configuration would be where an administrator wishes to use the same pam configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. Workaround ========== There isno known workaround at this time. Resolution ========== All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-mail/dovecot-2.3.19.1-r1" References ========== [ 1 ] CVE-2022-30550 https://nvd.nist.gov/vuln/detail/CVE-2022-30550 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-19 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Advisory GLSA 202310-20 examines the vulnerabilities in OpenSSH regarding session hijacking and outlines critical measures for mitigation.. Dovecot Privileges, Gentoo Security, Email Server Risks, Privilege Escalation. . LinuxSecurity.com Team

Calendar%202 Oct 30, 2023 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200