ELSA-2019-3467

ULN >
Oracle Linux Errata repository >
ELSA-2019-3467

ELSA-2019-3467 - dovecot security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2019-11-14

Description

[1:2.2.36-10]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1741788)

[1:2.2.36-9]
- reset errno before iterating through users (#1630410)

[1:2.2.36-8]
- fix CVE-2019-3814: improper certificate validation (#1674370)

[1:2.2.36-7]
- do not print error message when restorecon is not present
during install (#1626395)
- change default config to use minimal UID = 1000 (#1630410)

[1:2.2.36-6]
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)

Related CVEs

CVE-2019-3814

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	dovecot-2.2.36-10.el8.src.rpm	a1b3876b1433cf11df636849319c7b73	-
	dovecot-2.2.36-10.el8.aarch64.rpm	66ce9518d28a804127881b03d187620f	-
	dovecot-devel-2.2.36-10.el8.aarch64.rpm	7a92067bfe0da7e21636ab60eb7acb30	-
	dovecot-mysql-2.2.36-10.el8.aarch64.rpm	eadf2e7019c1c95570d0ae9a1c68d76a	-
	dovecot-pgsql-2.2.36-10.el8.aarch64.rpm	a048f8819ffe2fce3eb0a4d1708c6666	-
	dovecot-pigeonhole-2.2.36-10.el8.aarch64.rpm	43e862c9d05ff4f0ecc94ddc6a867223	-

Oracle Linux 8 (x86_64)	dovecot-2.2.36-10.el8.src.rpm	a1b3876b1433cf11df636849319c7b73	-
	dovecot-2.2.36-10.el8.i686.rpm	2f8ef87b5110e9db08181ba1dce53ff9	-
	dovecot-2.2.36-10.el8.x86_64.rpm	22303ad880022fdfcec15e69b082b523	-
	dovecot-devel-2.2.36-10.el8.i686.rpm	b85e57e2805cf88d1cfa565c5fe4b207	-
	dovecot-devel-2.2.36-10.el8.x86_64.rpm	4269ce7cc9a9587634a76bf17abce361	-
	dovecot-mysql-2.2.36-10.el8.x86_64.rpm	48461a039c897b5365289aed55184de6	-
	dovecot-pgsql-2.2.36-10.el8.x86_64.rpm	df807174088c7deb2b207c8822754b6d	-
	dovecot-pigeonhole-2.2.36-10.el8.x86_64.rpm	33cf2a94a82a2acf688e1a01a6ab18f6	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691