==========================================================================
Ubuntu Security Notice USN-4110-1
August 28, 2019

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Dovecot could be made to crash or execute arbitrary code if it
received a specially crafted data.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly
handled certain data. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
dovecot-core 1:2.3.4.1-1ubuntu2.3

Ubuntu 18.04 LTS:
dovecot-core 1:2.2.33.2-1ubuntu4.4

Ubuntu 16.04 LTS:
dovecot-core 1:2.2.22-1ubuntu2.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4110-1
CVE-2019-11500

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-1ubuntu2.3
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.33.2-1ubuntu4.4
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.11
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdZoqUAAoJEEW851uECx9pAyoP/2B/Yex4A+iB03wdVIl4pGPS
fu7TmhvgY/KxJcOgDUdOdNNgEWsMo/qaKlgvZNOHdQogIU2CLgDEULZbhfRhrEni
zdb0S7QPodXioAsNzLXKaMDHKPnfOJCc5k2dhYSDQA1ZPcU9gFXfXmEuXndCoYLO
woXfO5BAm9QpVC/WNXTXCwadHwgZSX5gkURfSS5tQ2Sd1vb5J46MBGZW8HT+SeJo
srNbF6hpqL5MHS9hxzV9eBryEWYrwtNjCJI5V/Tb99SbzrEZ0d7GD+cWXtF8Fuf4
CkQ8NwviDhQdTH7Wgs9V92rmU7PoLJlUl+ahYRERY6ZKzZmkgGQz9873B+yd6u6z
JZ2WuErLPeaPsVATE43zteEOnBJAV6vA9hKZwy42V9+pIF66ftsu3RVtvHvoOODC
W7T/ept4UuDxojHAw3t8jX+C4Lodh+Z65R2sNu7spx1HCsKFAXw/KOwU3ZPSpsr5
Ubiykz0i42KkOFzqo623hfADXE7XXSzMaqIXCXe0Wpu0tx+KQlQmzxrwQsPJJbzs
+tgS0SYLW4zi6gaYWGJ/BhZNbdMohd0nmR8oclGCA0Q/sMMEnln0K7d660i7Ief5
PG4hFnrY6PaV/ZaNn6t9n4w434spXJnqImDvyFK5WHHeLYDuvCe50iZGnThrD+eh
1ColDdbmbjqv/obf6TDO
=t0Di
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4110-2
August 28, 2019

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Dovecot could be made to crash or execute arbitrary code if it received
a specially crafted data.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

USN-4110-1 fixed a vulnerability in Dovecot. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly
handled certain data. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
dovecot-core 1:2.2.9-1ubuntu2.6+esm1

Ubuntu 12.04 ESM:
dovecot-core 1:2.0.19-0ubuntu2.7

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4110-2
https://usn.ubuntu.com/4110-1
CVE-2019-11500
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdZpW4AAoJEEW851uECx9pBp4P+wVVxlYuaLRnd0v6JBBzw+LK
0RT4nZ2yfHs1WZSwye95z82uenIO3a9yOdJvd9qtd9FymdoxFgTjKnz8dHdaS/73
cgcSN8orPRiP2WP4uJkLHsGK11+KyjDqqbws5cWdQ4/f57ds3zNB5zzXqx9F3c3l
1wo3vfPx2p/rB/Id6XLsMtZgLWzmlDB/AZH0MyGbaUUqNJlSQhiB95eG+vB174gv
BUGn6jUVJVx4VTBQXc+dfY/Qd5kcE70Sk8hGCCuGMc9D5/50a2QmtOoPQ/3nrf/J
UUrlbUxeqUk++F0n8soewuoS8nIGXRbyaXqcDYniZwYOrBvgbjXi6Tz05FdYkfEg
0hPiBw5dtpyXxiJ+Mlpg7RBvLFeYGvRBkw03bmN3wcr5UqSWw8qfDKnBCaKHTxMZ
JiB2t0HAvMP6VRK4GtAQ5loE4EjRV92OJ3EAsu66gV0i81XIYKBUMxt+ITnrVdtv
Fu0HkMRhjcw710RZF+NQvKNm1rD7xXi/fYx4Bc6N4bXYKPOMA3wGRB+KELrqAM+B
BInKQHp1JZyWzGHAvv80f1yHkptovCg+mrRZ2oiiZ8Ly64GySaoq+s9YtFv9sh7q
wYOvKbQkIQoB/caDmyHInE7eCqViIcDWL7KwHW6XfOZ9HFjuSEN0Vj89l6xm3r1h
1ABhI48qp2+axq5ods9O
=OsOB
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4110-3
August 28, 2019

Dovecot regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-4110-1 introduced a regression in Dovecot.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a
regression causing a wrong check. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly
handled certain data. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
dovecot-core 1:2.3.4.1-1ubuntu2.4

Ubuntu 18.04 LTS:
dovecot-core 1:2.2.33.2-1ubuntu4.5

Ubuntu 16.04 LTS:
dovecot-core 1:2.2.22-1ubuntu2.12

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4110-3
https://usn.ubuntu.com/4110-1
CVE-2019-11500

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-1ubuntu2.4
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.33.2-1ubuntu4.5
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.12
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdZubGAAoJEEW851uECx9pweIQAIohUu1bqxPFgXdBLAB0B/Ml
WxSQ7S9qr2alk+gzDnG5ewtc+QY6wJT6utm0aF1ZhDgq1WkOcc6BCCvsx5tEGK8v
r2OY4GmkXhDDfjZtm6y2supmo0H37XTSOSrfCbbHVBi/Ru9yGmUP8Zr0MnMbknS+
LKmXyXvEY9kqQnf/ptuWs14uCjGFIWhuh42V+PSvqKy7cevWJ5tKnJTsI0ngiKrM
6rfHaIY1wVzVwLC3jUmCIAaPogUyRDxFNENw6G8/xNfI8QDMWoY3I4/7FSnCdQMi
I4YK86RYh61Rx0qP/ox6WKhaKm74/8ENhC/C3rulF+HspibXSObtRkkzz1u3E/kf
WJSVQNAJkFPK8GzIWauFh5Jzg6hSTHdnvp96FHa3HFiGy5L/DtlDcz9TKTXwImkm
QG7pBFAhyMKVanZxkBv4C6/mYwShrI8G2RlgGHRejFDrjBvzAS5MKjKj60rtmRWV
8ceHx/EXsOV/B+bpcHfEv64eleVj0KApp2qW8cczIa4ugXhG702QzDgLkE9JlfXl
stvNf9nDDlWR3nnYFmFr+2d2dK74B5XXcpKe+GIZ0D3HjvqfGzQNlElTgEPEmNfM
/imIxEFZT7BojtZLWOb4QYD21D0JXhkyMocx831M3iBtJfT59Mn22WDsZv4zhfJI
lXXxw49abqbipel90+mD
=fqwj
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4110-4
August 28, 2019

dovecot regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

USN-4110-1 introduced a regression in Dovecot.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

USN-4110-1 fixed a vulnerability in Dovecot. The update introduced
a regression causing a wrong check. This update fixes the problem for
Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

We apologize for the inconvenience.

Original advisory details:

Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly
handled certain data. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
dovecot-core 1:2.2.9-1ubuntu2.6+esm2

Ubuntu 12.04 ESM:
dovecot-core 1:2.0.19-0ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4110-4
https://usn.ubuntu.com/4110-1
CVE-2019-11500
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdZw+6AAoJEEW851uECx9pr6YQAKLsr0SVjrg+Xf7BuX9x3pIt
3Bk4M74e58hjVQaURwwcw7qlNpTKExbM6onnApmj5YNbdN5WEy0LmjCfNho4coG4
mQk3RGL8rSTCftAjpd8Dzm7fvwadHs96QikoD9jm9M2JSq5VeoKvJnUiSrcWNsUz
5ezILUqgojwSKz4tES7uaoYojksT8U9IB2UpFzOfaxRfxXSd1K89ma4Y7la3uoxq
Pp/zQDaaPJ9w0dNtnhbRI4DCCOkxHGcBS1SjIKWNyzKeF2lulUsKioOhsANVvUaK
4R4AOI3GSEong6YYj86RKp/3CgQxmZPQYXmjC6KD3kbuvQ6rWIF4Xh+lsosvCBDp
bDhnzyCEHd+E5lUPIvi64H173/PpsBNOCJ5NfWxh6cbgx+HJd2uOnvZwZPo+qjMv
ZSo42rmqXVF7DfnYL58nKJzna6A/kQcct/pa0IW/qD4v2pYcyoS2dAlipHuLcNUL
D3oIwe7sxkSBtsZJOEYDtVIdDH73mSkXPqwRPsVQ4HBAMWkKYpmSsCqaxJwPJBxH
jw5pWh/vIf1mGSrR0K2O6B87+mIDV8oPmnCzTcOTHGONXPzbvPsSLBFaJ3KYIYni
fpGi4GBiTlSCbYsfBz3LwbGQbwNIiLRYl3C3v+wQf6OhZnVJhamGOvmPbFNwuUD7
vHMayPBeaIh/dDpwLysh
=7kem
—–END PGP SIGNATURE—–
—