Stay Secure with the Latest Linux Advisories

security advisoryFedorasecurity fix

Fedora: 2019-5898f4f935 Critical: Dovecot Null Pointer Dereference Issue

Security fix for CVE-2019-19722: null pointer dereference in push notification driver. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-5898f4f935 2020-01-08 11:54:40.924375 --------------------------------------------------------------------------------Name : dovecot Product : Fedora 31 Version : 2.3.9.2 Release : 1.fc31 URL : https://dovecot.org/ Summary : Secure imap and pop3 server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2019-19722: null pointer dereference in push notification driver --------------------------------------------------------------------------------ChangeLog: * Thu Dec 19 2019 Michal Hlavinka - 1:2.3.9.2-1 - CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers. * Wed Dec 4 2019 Michal Hlavinka - 1:2.3.9-1 - dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 * Thu Oct 10 2019 Michal Hlavinka - 1:2.3.8-1 - dovecot updated to 2.3.8, pigeonhole 0.5.8 --------------------------------------------------------------------------------References: [ 1 ] Bug #1782785 - CVE-2019-19722 dovecot: null pointer dereference in push notification driver https://bugzilla.redhat.com/show_bug.cgi?id=1782785 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-5898f4f935' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html Allpackages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora resolves a severe null dereference vulnerability in Dovecot's push notification driver, correcting CVE-2019-19722.. dovecot security, Fedora updates, null pointer, notification vulnerabilities, IMAP server security. . Severity: Critical. LinuxSecurity.com Team

Jan 08, 2020 •Critical Fedora