Download
| Alert*
oval:org.secpod.oval:def:300031
Multiple vulnerabilities was discovered and corrected in dovecot: Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing ... oval:org.secpod.oval:def:500092 Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it ... oval:org.secpod.oval:def:1504401 [2.0.9-2] - fix issues and assert crashes found in 2.0.9 [2.0.9-1] - dovecot updated to 2.0.9 - fixed a high system CPU usage / high context switch count performance problem - lda: Fixed a crash when trying to send "out of quota" reply [2.0.8-1] - dovecot updated to 2.0.8 , pigeonhole updated to 0. ... oval:org.secpod.oval:def:700227 It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstan ... |