You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa dovecot

Sigurnosni nedostaci programskog paketa dovecot

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3961-1
April 30, 2019

dovecot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10

Summary:

Dovecot could be made to crash if it received specially crafted network
traffic.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

It was discovered that the Dovecot Submission login service incorrectly
handled certain operations. A remote attacker could possibly use this issue
to cause Dovecot to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
dovecot-core 1:2.3.4.1-1ubuntu2.2
dovecot-submissiond 1:2.3.4.1-1ubuntu2.2

Ubuntu 18.10:
dovecot-core 1:2.3.2.1-1ubuntu3.4
dovecot-submissiond 1:2.3.2.1-1ubuntu3.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3961-1
CVE-2019-11494, CVE-2019-11499

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.4.1-1ubuntu2.2
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.2.1-1ubuntu3.4

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzIiN4ACgkQZWnYVadE
vpPjvRAAoVd118QJFBapSS70F/UroonvEOWu5JbFlAJV+mOGYptPz/Id6Mm7vXml
pRSmtcSRKatD1DO0D6pxm849/tmDmxf+oAJeM1Le0p17fOw6dXR2oZ06U0tQQLnu
3ylivVTkbdNNkJhQy8340CbtGcq6Hfe+ykIUsE5TQSa6bhOIk7h9CCorz+XrGEnf
2egXtQleSgDJ7u1AZmFuddDhzkKt7TFNTdFWzovy+DhrcYO1uIn8aNxBo5JCuV+N
BICEbz8zMS6s/wXtBRxZ2oqcJuSUC0/2snKu3bdeLpjkQ8SXB5pLjxUYpX5AotbO
tA64geFjHZcY7xQxVjlExOwXrLOCSS0ItiihwpQtalmaDwwr70JiDXRz/M4JLZM9
EcUf2sFnOhe9L89h/XRAOykrZn7w7X2tCKE2AYBdMIGwT/2R0shK5HIFBSJoGBpP
I7juilbK8YO1d9Bnpca47L9E3inW1gpnEfyd0sfTjT4J4TxKzK1wLVK+Rq+SqceB
Dq8DNT82hcNjBqLNx3w/FCTkIo3I4VVtew5rEhpcOFq2Dxt3IjVSmRzQgPBdq2IU
UEXnpObuDgtFkRCygOzixzwKpqm6yWCQey9EOkIxUD6VC8uY96EiU75P0bEYnq4K
Ran/mrD1s2akglHnVAw5ndKPS/BGlHe2eb3j86PQOapTKaTLW8I=
=hgU5
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2019-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa OpenStack Platform

Otkriven je sigurnosni nedostatak u programskom paketu OpenStack Platform za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih...

Close