Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 23 articles for you...
219
Ls Advisories Rockylinux Esm H240
Price Tag 1security advisorydenial of serviceimportant

Rocky Linux 9 RLSA-2026-13858 Major Vulnerability Discovered in Dovecot App

Important: dovecot security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13857", "synopsis": "Important: dovecot security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dovecot.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. \n\nSecurity Fix(es):\n\n* dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)\n\n* dovecot: denial of service via crafted message before authentication (CVE-2026-27858)\n\n* dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2452172", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452172", "description": ""}, {"ticket": "2452175", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452175", "description": ""}, {"ticket": "2452179", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452179", "description": ""}], "cves": [{"name": "CVE-2025-59032", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59032", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-229"}, {"name": "CVE-2026-27857", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27857", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-27858", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27858", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-05-07T12:03:39.445016Z", "rpms": {"Rocky Linux 9": {"nvras": ["dovecot-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-1:2.3.16-15.el9_7.1.i686.rpm", "dovecot-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-1:2.3.16-15.el9_7.1.src.rpm", "dovecot-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-debuginfo-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-debuginfo-1:2.3.16-15.el9_7.1.i686.rpm", "dovecot-debuginfo-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-debuginfo-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-debuginfo-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-debugsource-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-debugsource-1:2.3.16-15.el9_7.1.i686.rpm", "dovecot-debugsource-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-debugsource-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-debugsource-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-devel-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-devel-1:2.3.16-15.el9_7.1.i686.rpm", "dovecot-devel-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-devel-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-devel-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-mysql-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-mysql-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-mysql-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-mysql-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-mysql-debuginfo-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-mysql-debuginfo-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-mysql-debuginfo-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-mysql-debuginfo-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-pgsql-1:2.3.16-15.el9_7.1.aarch64.rpm","dovecot-pgsql-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-pgsql-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-pgsql-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-pigeonhole-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-pigeonhole-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-pigeonhole-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-pigeonhole-1:2.3.16-15.el9_7.1.x86_64.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-15.el9_7.1.aarch64.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-15.el9_7.1.ppc64le.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-15.el9_7.1.s390x.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-15.el9_7.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Dovecot security update for Rocky Linux addresses important issues including denial of service vulnerabilities. Read more for details.. Dovecot Security Update, Rocky Linux Dovecot, Important Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 07, 2026 Important Rocky Linux
219
Ls Advisories Rockylinux Esm H240
Price Tag 1security advisorydenial of serviceimportant

CentOS Stream 9 Dovecot Vulnerability Mitigation RLSA-2026-13578

Important: dovecot security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13830", "synopsis": "Important: dovecot security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dovecot.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. \n\nSecurity Fix(es):\n\n* dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)\n\n* dovecot: denial of service via crafted message before authentication (CVE-2026-27858)\n\n* dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2452172", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452172", "description": ""}, {"ticket": "2452175", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452175", "description": ""}, {"ticket": "2452179", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2452179", "description": ""}], "cves": [{"name": "CVE-2025-59032", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59032", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-229"}, {"name": "CVE-2026-27857", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27857", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2026-27858", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27858", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-05-07T06:00:59.922786Z", "rpms": {"Rocky Linux 8": {"nvras": ["dovecot-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-1:2.3.16-7.el8_10.i686.rpm", "dovecot-1:2.3.16-7.el8_10.src.rpm", "dovecot-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-debuginfo-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-debuginfo-1:2.3.16-7.el8_10.i686.rpm", "dovecot-debuginfo-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-debugsource-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-debugsource-1:2.3.16-7.el8_10.i686.rpm", "dovecot-debugsource-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-devel-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-devel-1:2.3.16-7.el8_10.i686.rpm", "dovecot-devel-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-mysql-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-mysql-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-mysql-debuginfo-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-mysql-debuginfo-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-pgsql-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-pgsql-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-pgsql-debuginfo-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-pigeonhole-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-pigeonhole-1:2.3.16-7.el8_10.x86_64.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-7.el8_10.aarch64.rpm", "dovecot-pigeonhole-debuginfo-1:2.3.16-7.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Dovecot security update for Rocky Linux 8 addresses multiple denial-of-service issues, improving overall server protection.. Dovecot security update, Rocky Linux advisories, Denial of Service, IMAP server updates. . Severity: Important.LinuxSecurity.com Team

Calendar 2 May 07, 2026 Important Rocky Linux
Banner 1 1028x280 1708121660 1771599717
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorybuffer overflowdebian

Debian 10 Buster: DLA-3774-1 Critical: Gross Buffer Overflow Fix

Stack-based buffer overflow has been fixed in gross, a server for greylisting emails. For Debian 10 buster, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3774-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk March 25, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : gross Version : 1.0.2-4.1~deb10u1 CVE ID : CVE-2023-52159 Debian Bug : 1067115 Stack-based buffer overflow has been fixed in gross, a server for greylisting emails. For Debian 10 buster, this problem has been fixed in version 1.0.2-4.1~deb10u1. We recommend that you upgrade your gross packages. For the detailed security status of gross please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/gross Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Important notification for Ubuntu LTS resolved an integer overflow issue in the integral chat platform. Immediate upgrade advisable.. debian,gross server,email security,buffer overflow fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 25, 2024 Critical Debian LTS
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentooprivilege escalation

Gentoo: GLSA-202310-19 Normal: Dovecot Privilege Escalation Issue

A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dovecot: Privilege Escalation Date: October 30, 2023 Bugs: #856733 ID: 202310-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used. Background ========== Dovecot is an open source IMAP and POP3 email server. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------- -------------- net-mail/dovecot < 2.3.19.1-r1 > = 2.3.19.1-r1 Description =========== A vulnerability has been discovered in Dovecot. Please review the CVE identifier referenced below for details. Impact ====== When two passdb configuration entries exist in Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation with certain configurations involving master user authentication. Dovecot documentation does not advise against the use of passdb definitions which have the same driver and args settings. One such configuration would be where an administrator wishes to use the same pam configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. Workaround ========== There isno known workaround at this time. Resolution ========== All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-mail/dovecot-2.3.19.1-r1" References ========== [ 1 ] CVE-2022-30550 https://nvd.nist.gov/vuln/detail/CVE-2022-30550 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-19 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Advisory GLSA 202310-20 examines the vulnerabilities in OpenSSH regarding session hijacking and outlines critical measures for mitigation.. Dovecot Privileges, Gentoo Security, Email Server Risks, Privilege Escalation. . LinuxSecurity.com Team

Calendar 2 Oct 30, 2023 Gentoo
Banner 1 1028x280 1708121660 1771599717
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorycriticaldebian

Debian 10 Buster: DLA-3122-1 Critical: Dovecot IMAP and POP3 Issues

Two security issues were discovered in dovecot: IMAP and POP3 email server. CVE-2021-33515 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3122-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Anton Gladky September 27, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : dovecot Version : 1:2.3.4.1-5+deb10u7 CVE ID : CVE-2021-33515 CVE-2022-30550 Two security issues were discovered in dovecot: IMAP and POP3 email server. CVE-2021-33515 The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. CVE-2022-30550 When two passdb configuration entries exist with the same driver and args settings, incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. For Debian 10 buster, these problems have been fixed in version 1:2.3.4.1-5+deb10u7. We recommend that you upgrade your dovecot packages. For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dovecot Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu's postfix upgrade resolves serious vulnerabilities affecting SMTP protocols. Immediate update advised for protection.. Dovecot Email Server, Debian LTS Advisory, Security Issues, Email Security, Privilege Escalation. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 27, 2022 Critical Debian LTS
219
Ls Advisories Rockylinux Esm H240
Price Tag 1security advisorysecurity updatemoderate impact

Rocky Linux 8 Dovecot Update RLSA-2022:1950 Moderate Security Risk

Moderate: dovecot security update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2022:1950', 'synopsis': 'Moderate: dovecot security update', 'severity': 'Moderate', 'topic': 'An update for dovecot is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. \nThe following packages have been upgraded to a later upstream version: dovecot (2.3.16). (BZ#1980014)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1973610', '1974508'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33515.json:::CVE-2021-33515'], 'references': [], 'publishedAt': '2022-05-18T19:45:00.249923Z', 'rpms': ['dovecot-2.3.16-2.el8.aarch64.rpm', 'dovecot-2.3.16-2.el8.i686.rpm', 'dovecot-2.3.16-2.el8.src.rpm', 'dovecot-2.3.16-2.el8.x86_64.rpm', 'dovecot-debuginfo-2.3.16-2.el8.aarch64.rpm', 'dovecot-debuginfo-2.3.16-2.el8.i686.rpm', 'dovecot-debuginfo-2.3.16-2.el8.x86_64.rpm', 'dovecot-debugsource-2.3.16-2.el8.aarch64.rpm', 'dovecot-debugsource-2.3.16-2.el8.i686.rpm', 'dovecot-debugsource-2.3.16-2.el8.x86_64.rpm', 'dovecot-devel-2.3.16-2.el8.aarch64.rpm', 'dovecot-devel-2.3.16-2.el8.i686.rpm','dovecot-devel-2.3.16-2.el8.x86_64.rpm', 'dovecot-mysql-2.3.16-2.el8.aarch64.rpm', 'dovecot-mysql-2.3.16-2.el8.x86_64.rpm', 'dovecot-mysql-debuginfo-2.3.16-2.el8.aarch64.rpm', 'dovecot-mysql-debuginfo-2.3.16-2.el8.x86_64.rpm', 'dovecot-pgsql-2.3.16-2.el8.aarch64.rpm', 'dovecot-pgsql-2.3.16-2.el8.x86_64.rpm', 'dovecot-pgsql-debuginfo-2.3.16-2.el8.aarch64.rpm', 'dovecot-pgsql-debuginfo-2.3.16-2.el8.x86_64.rpm', 'dovecot-pigeonhole-2.3.16-2.el8.aarch64.rpm', 'dovecot-pigeonhole-2.3.16-2.el8.x86_64.rpm', 'dovecot-pigeonhole-debuginfo-2.3.16-2.el8.aarch64.rpm', 'dovecot-pigeonhole-debuginfo-2.3.16-2.el8.x86_64.rpm']}\. Dovecot security patch released for Rocky Linux 8 to mitigate moderate risk vulnerabilities. Update now for improved security!. Rocky Linux Dovecot Security Update, Moderate Security Patch, Dovecot Email Server. . LinuxSecurity.com Team

Calendar 2 Sep 02, 2022 Rocky Linux
Banner 1 1028x280 1708121660 1771599717
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisoryUbuntudovecot

Ubuntu 21.04, 20.10: USN-4993-1 Moderate: Dovecot Security Issues

Several security issues were fixed in Dovecot.. =========================================================================Ubuntu Security Notice USN-4993-1 June 21, 2021 dovecot vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Dovecot. Software Description: - dovecot: IMAP and POP3 email server Details: Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29157) Fabian Ising and Damian Poddebniak discovered that Dovecot incorrectly handled STARTTLS when using the SMTP submission service. A remote attacker could possibly use this issue to inject plaintext commands before STARTTLS negotiation. (CVE-2021-33515) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: dovecot-core 1:2.3.13+dfsg1-1ubuntu1.1 Ubuntu 20.10: dovecot-core 1:2.3.11.3+dfsg1-2ubuntu0.2 Ubuntu 20.04 LTS: dovecot-core 1:2.3.7.2-1ubuntu3.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4993-1 CVE-2021-29157, CVE-2021-33515 Package Information: https://launchpad.net/ubuntu/+source/dovecot/1:2.3.13+dfsg1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.3.11.3+dfsg1-2ubuntu0.2 https://launchpad.net/ubuntu/+source/dovecot/1:2.3.7.2-1ubuntu3.4 . Fedora has recognized a number of Postfix vulnerabilities that affect multiple versions, addressing essential mail server vulnerabilities.. Dovecot Security Fixes, Ubuntu Dovecot Advisory, Email Server Issues. .LinuxSecurity.com Team

Calendar 2 Jun 21, 2021 Ubuntu
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryhigh severityfedora

Fedora 33: 2021-848fd34b0b High Severity OpenSMTPD Memory Leak Fix

**opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for OpenSSL, sponsored by anonymous community member Bug fixes: - Fixed a resolver memory leak as well as a regex table memory leak - Fixed a bug in the filters state machine leading to a possible crash of the daemon - Fixed the logging format which output truncated process names on some systems - Fixed. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-848fd34b0b 2021-01-30 01:53:46.555441 --------------------------------------------------------------------------------Name : opensmtpd Product : Fedora 33 Version : 6.8.0p2 Release : 1.fc33 URL : https://www.opensmtpd.org/ Summary : Free implementation of the server-side SMTP protocol as defined by RFC 5321 Description : OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTPD nowadays is a fairly complete SMTP implementation. OpenSMTPD is primarily developed by Gilles Chehade, Eric Faurot and Charles Longeau; with contributions from various OpenBSD hackers. OpenSMTPD is part of the OpenBSD Project. The software is freely usable and re-usable by everyone under an ISC license. This package uses standard "alternatives" mechanism, you may call "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd" if you want to switch to OpenSMTPD MTA immediately after install, and "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.sendmail" to revert back to Sendmail as a default mail daemon. --------------------------------------------------------------------------------Update Information: **opensmtpd 6.8.0p2** New Features: - ECDSA privsep engine support for OpenSSL, sponsored by anonymous community member Bug fixes: - Fixeda resolver memory leak as well as a regex table memory leak - Fixed a bug in the filters state machine leading to a possible crash of the daemon - Fixed the logging format which output truncated process names on some systems - Fixed build on macOS - Various man page improvements --------------------------------------------------------------------------------ChangeLog: * Wed Jan 20 2021 Denis Fateyev - 6.8.0p2-1 - Update to 6.8.0p2 release * Thu Sep 17 2020 Denis Fateyev - 6.7.1p1-3 - Rebuild for libevent soname change --------------------------------------------------------------------------------References: [ 1 ] Bug #1910343 - opensmtpd-6.8.0p2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1910343 [ 2 ] Bug #1911290 - CVE-2020-35679 opensmtpd: memory leak via messages to an instance that performs many regex lookups due to a missing regfree call [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1911290 [ 3 ] Bug #1911294 - CVE-2020-35680 opensmtpd: NULL pointer dereference via a crafted pattern of client activity [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1911294 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-848fd34b0b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The recent Fedora update for OpenSMTPD brings major improvements, featuring important bug fixes, upgraded security protocols, and enhanced antispam capabilities for better performance. OpenSMTPD,Fedora Update,Email Server,Bug Fix,Memory Leaks. . LinuxSecurity.com Team

Calendar 2 Jan 29, 2021 Fedora
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here