Download
| Alert*
oval:org.secpod.oval:def:604870
dovecot is installed oval:org.secpod.oval:def:201664 Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ... oval:org.secpod.oval:def:500237 Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ... oval:org.secpod.oval:def:1503266 Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:201552 Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ... oval:org.secpod.oval:def:500092 Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it ... oval:org.secpod.oval:def:1801429 dovecot is installed oval:org.secpod.oval:def:503580 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:503389 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:108868 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:108861 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:109710 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:109723 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:109983 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:89044658 This update for dovecot22 to version 2.2.29.1 fixes the following issues: This security issue was fixed: - CVE-2017-2669: Don"t double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS Additionally ... oval:org.secpod.oval:def:1500606 Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:66471 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1600020 Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. oval:org.secpod.oval:def:203105 dovecot is installed oval:org.secpod.oval:def:64146 Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service. oval:org.secpod.oval:def:1300296 A vulnerability has been discovered and corrected in dovecot: Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service via an incomplete SSL/TLS handshake for an IMAP/POP3 c ... oval:org.secpod.oval:def:504742 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1500039 Updated dovecot packages that fix three security issues and one bug are nowavailable for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:66575 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:111788 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:111838 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:202578 Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in th ... oval:org.secpod.oval:def:106986 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:501327 Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Doveco ... oval:org.secpod.oval:def:107148 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:203346 Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Doveco ... oval:org.secpod.oval:def:1504596 [1:2.0.9-7.1] - fix CVE-2014-3430: denial of service through maxxing out SSL connections oval:org.secpod.oval:def:501000 Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in th ... oval:org.secpod.oval:def:1802071 Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100. oval:org.secpod.oval:def:119310 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:118788 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:1801786 In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-logi ... oval:org.secpod.oval:def:117669 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:117046 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:1801472 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801430 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801428 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801471 JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. Crash can also occur if OX push notification driver is enabled and an email is delive ... oval:org.secpod.oval:def:1801479 JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. Crash can also occur if OX push notification driver is enabled and an email is delive ... oval:org.secpod.oval:def:1801469 JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. Crash can also occur if OX push notification driver is enabled and an email is delive ... oval:org.secpod.oval:def:1601131 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. It was discovered that Dovecot before versions 2.2.36.1 an ... oval:org.secpod.oval:def:116759 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:1505669 [1:2.3.16-2] - do not disable xz/lzma for now despite being deprecated [1:2.3.16-1] - dovecot updated to 2.3.16, pigeonhole to 0.5.16 - fix CVE-2021-33515 plaintext commands injection oval:org.secpod.oval:def:73622 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1504910 [1:2.3.8-9] - fix CVE-2020-24386 IMAP hibernation function allows mail access [1:2.3.8-8] - fix CVE-2020-25275 denial of service via mail MIME parsing [1:2.3.8-7] - change run directory from /var/run to /run [1:2.3.8-6] - fix mail storage block count parsing - MIME parser crashed when boundaries ... oval:org.secpod.oval:def:2500268 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. oval:org.secpod.oval:def:2500085 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. oval:org.secpod.oval:def:604861 Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service. oval:org.secpod.oval:def:68005 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:112324 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:112322 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:114228 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:205525 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:205371 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1502675 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205369 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1502680 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502681 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700265 In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 , protocol processing can fail for quoted strings. This occurs because #039;\\0#039; characters are mishandled, and can lead to out-of-bounds writes and remote code execution. oval:org.secpod.oval:def:1503040 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503026 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:507388 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:1506149 [1:2.3.16-3] - fix possible privilege escalation when similar master and non-master passdbs are used oval:org.secpod.oval:def:87165 [1:2.3.16-7.0.1] - do not run systemd commands during leapp upgrade [Orabug: 34680501] [1:2.3.16-7] - fix possible privilege escalation when similar master and non-master passdbs are used [1:2.3.16-6] - fix possible nonzero return value of postinst script [1:2.3.16-5] - workaround sysuers macro def ... oval:org.secpod.oval:def:5800090 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:2500869 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. oval:org.secpod.oval:def:2600006 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. oval:org.secpod.oval:def:507331 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: P ... oval:org.secpod.oval:def:1701990 An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead t ... oval:org.secpod.oval:def:500508 Dovecot is an IMAP server for Linux and UNIX-like systems, primarily written with security in mind. A flaw was found in Dovecot"s ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. A password disclosu ... oval:org.secpod.oval:def:97572 [CLSA-2021:1634573745] Fixed CVEs in dovecot: CVE-2020-25275, CVE-2020-12100 |