Stay Connected:

ELSA-2019-3467

ELSA-2019-3467 - dovecot security and bug fix update

Type:SECURITY
Impact:MODERATE
Release Date:2019-11-14

Description


[1:2.2.36-10]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1741788)

[1:2.2.36-9]
- reset errno before iterating through users (#1630410)

[1:2.2.36-8]
- fix CVE-2019-3814: improper certificate validation (#1674370)

[1:2.2.36-7]
- do not print error message when restorecon is not present
during install (#1626395)
- change default config to use minimal UID = 1000 (#1630410)

[1:2.2.36-6]
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)


Related CVEs


CVE-2019-3814

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) dovecot-2.2.36-10.el8.src.rpm635d26a78357235b25874fb85522d1e248716a1dca7241925a0da1b9550121f7-ol8_aarch64_appstream
dovecot-2.2.36-10.el8.src.rpm635d26a78357235b25874fb85522d1e248716a1dca7241925a0da1b9550121f7-ol8_aarch64_codeready_builder
dovecot-2.2.36-10.el8.aarch64.rpm698ef6388475fda6efce9f84348d7cde5935268d5b0099401f8ed22daa114ac0-ol8_aarch64_appstream
dovecot-devel-2.2.36-10.el8.aarch64.rpm8cd5d2d137f6d218c1d033f1d3228cb39f3fe68cea372ccab6a2dca6ab3f1174-ol8_aarch64_codeready_builder
dovecot-mysql-2.2.36-10.el8.aarch64.rpmd45a84eedb218e9e651170c5ac20f5c87611edd4cd74206ac66b1e8fd2f76a09-ol8_aarch64_appstream
dovecot-pgsql-2.2.36-10.el8.aarch64.rpm00e519d46e1de9ed08ec1eccdae252b567ca89f092637a7ecb5f4816cf12f54d-ol8_aarch64_appstream
dovecot-pigeonhole-2.2.36-10.el8.aarch64.rpmaa72890c0b7c760234000ef1f06d7d043093949e8fbb731486c70a9ce1d798d4-ol8_aarch64_appstream
Oracle Linux 8 (x86_64) dovecot-2.2.36-10.el8.src.rpm635d26a78357235b25874fb85522d1e248716a1dca7241925a0da1b9550121f7-ol8_x86_64_appstream
dovecot-2.2.36-10.el8.src.rpm635d26a78357235b25874fb85522d1e248716a1dca7241925a0da1b9550121f7-ol8_x86_64_codeready_builder
dovecot-2.2.36-10.el8.i686.rpm4b30bb1520ed572f5c41b3a4d87b24acb12c974352661820580e9547243e06f4-ol8_x86_64_codeready_builder
dovecot-2.2.36-10.el8.x86_64.rpm7042040055ad41d59464240fb6a63a42affdf3f7e99dc5d1d80b68695f4000eb-ol8_x86_64_appstream
dovecot-devel-2.2.36-10.el8.i686.rpm4f7ae51100d09d34a481efdc33ed3383cd951f63da733d46c0e23cdb157e258a-ol8_x86_64_codeready_builder
dovecot-devel-2.2.36-10.el8.x86_64.rpm06fd23d31faedf8033b800dd219616a56062a2a3ca1da3cc0de0650400bff9b6-ol8_x86_64_codeready_builder
dovecot-mysql-2.2.36-10.el8.x86_64.rpm064634666ec6a057dc9ebece73b8e4d1c2d0f60bcdf00600983e280ee34aa1e2-ol8_x86_64_appstream
dovecot-pgsql-2.2.36-10.el8.x86_64.rpm743a3517c8960fdb1bcd4466265fb3af5335b2b2a141ce7672474797c4ed43c5-ol8_x86_64_appstream
dovecot-pigeonhole-2.2.36-10.el8.x86_64.rpm5ca3597d7962367166d7e2283893676cfe689da18bf7966f9a8f3a1be4f5875f-ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights