==========================================================================
Ubuntu Security Notice USN-3881-1
February 05, 2019

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Dovecot could be made to expose sensitive information over the network.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

It was discovered that Dovecot incorrectly handled client certificates. A
remote attacker in possession of a valid certificate with an empty username
field could possibly use this issue to impersonate other users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
dovecot-core 1:2.3.2.1-1ubuntu3.1

Ubuntu 18.04 LTS:
dovecot-core 1:2.2.33.2-1ubuntu4.2

Ubuntu 16.04 LTS:
dovecot-core 1:2.2.22-1ubuntu2.9

Ubuntu 14.04 LTS:
dovecot-core 1:2.2.9-1ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3881-1
CVE-2019-3814

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.2.1-1ubuntu3.1
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.33.2-1ubuntu4.2
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.9
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.5

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxZpzYACgkQZWnYVadE
vpPFpw/8C8yWY+4MsJt/lxdN0e1HZB3A+KlVYp/4W2VppRnl1MbmL88PMkIvfsn7
if2Pb0HO81SnoPnDdn46Lj9H0EG8EcVNJXYjIe95DBiXP7hs6lxUujKF8ibXXEmw
vh3Kk+Cb6Lls3aoFqK3sdgS8GFzvVnSb4zbgkV7y3vv/yCjpR/O8Z7i4DxouVYUJ
mSfzGenp7BW45/28u6rANnJ7D3W4LTXAMwbp0EiobacP28gc7w8RmF1FrqyGo977
O/t4gaw3wnkXh4wTvXj4owFmL2k2iAXMf2I1IT4p8O5j6+EgQ8uBm9JzQHLjRh8o
ClYJ0CiGP/M+V6sLOUxf9MElHjZk7Dl874ExruB5HUxQfVoVckQnx7w9HVsNfhcY
V1n5gKxIuhzh0JpGpEdpho8cLF0QAye8KEK9EAGNo83raonC6F6G77G35VFoI60T
Z+rGXv417wQxotwTZkseToGujh+Y4LfiadEzHwnnlkMDlpWbSrSEBJDRBYl2Ucgq
p+JxJDSo367ThWZ5n4/NHzcdcNkvKPNiTHLexOgEj2b3c4RhKmY6C9EuXI/eOHOi
MX8DSnixYdOnQ8m/sli6U2AWMU83BtmGvAbhjKi872CA/hQvhUELGVcmR8hKtRe8
PgeDJCOGGSH6hMVeiiVAXQb4M96VmOc07AzyF9kJtnf4dNSXFcM=
=ROrv
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3881-2
February 05, 2019

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Dovecot could be made to expose sensitive information over the network.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

USN-3881-1 fixed a vulnerability in Dovecot. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that Dovecot incorrectly handled client
 certificates. A remote attacker in possession of a valid certificate
 with an empty username field could possibly use this issue to
 impersonate other users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  dovecot-core                    1:2.0.19-0ubuntu2.6

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3881-2
  https://usn.ubuntu.com/usn/usn-3881-1
  CVE-2019-3814—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcWbzQAAoJEEW851uECx9pzfoP/115udANjvzAYNHJvfR7H9B/
YYWOyOwuIvPOhVyaHmxWqfSEWOJ6/LSVg2EtO7RZp6TuWL/MVe/nz8glfuRvR9Wc
zf8ensSVk1ugmHnCIb7Pg4R7D/VEcdGsvLe86/XlI5MOiVtUUqwQcevCmhopdCx+
YkWLd+IqY6sJwwkKZS/O8rGMJKQ8VNIBTv8dyQ4HdXBP5FYcXumkFG7gRBa0XUOR
ESMg5j0iEu90PRnUIxd5jsQkTJ2UUZxJ0WWheBON4KbCTujZDJ8Z7tggsaOQdHB7
zoWA8Rcu9SbdR7IBKOo15T2Jje/vWbQZ5luyrbD7CZcEJhQeiSKWT+mJgzboveqU
M5OPMIdKCakDMuuBKCjNPMRhs8KRFGBVLL9XQqD2lGqCK4i+MsalmP1TEW3LyoyB
Xhd3/STZfhvcfUxVpRQdOIZuxnKAzLR89FB0W84/6U1sSljBRRzpEYveBc/px0HS
Ha/P8YYCHys2IXQF3hgOuK49Qp5aIj9mE2lqWisL8xRlY2PtHz03BCdob4y5xOLJ
/KGUTz7EkZr8GAQyGCGQo1HyPj6sbGPsYW2pGp65uPzRMqkkT/9PXDQZDrC5hjNT
77xW+xpH0PDk3/WICLqWlxuhmI8pt5rODkJycahEL1jK0YaqkKEuzjvlT3I8dDxk
1PPEPAUyxLX93n6KjaDm
=zYDD
—–END PGP SIGNATURE—–
—