ELSA-2020-1062

ELSA-2020-1062 - dovecot security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2020-04-06

Description

[1:2.2.36-6]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1741787)

[1:2.2.36-5]
- fix CVE-2019-3814: improper certificate validation (#1674369)
- fix CVE-2019-7524: buffer overflow in indexer-worker process resulting in privilege
escalation (#1700398)

[1:2.2.36-4]
- use portreserve to avoid port conflicts(#1270283)

Related CVEs

CVE-2019-3814

CVE-2019-7524

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	dovecot-2.2.36-6.el7.src.rpm	a2e7f44a7c504b3c3df09f44af2057a5	ELBA-2020-3921
	dovecot-2.2.36-6.el7.aarch64.rpm	e806232a42aa2c87d816fc3776303501	ELBA-2020-3921
	dovecot-devel-2.2.36-6.el7.aarch64.rpm	a1e9098b9e05592e92fd16b02d7fe47b	ELBA-2020-3921
	dovecot-mysql-2.2.36-6.el7.aarch64.rpm	40b86510ae44053829daf6587ebc7b4e	ELBA-2020-3921
	dovecot-pgsql-2.2.36-6.el7.aarch64.rpm	908cd9ec2968bd07a326e2516b287929	ELBA-2020-3921
	dovecot-pigeonhole-2.2.36-6.el7.aarch64.rpm	73cf441205ebb1abc34b95e793c8da09	ELBA-2020-3921
Oracle Linux 7 (x86_64)	dovecot-2.2.36-6.el7.src.rpm	a2e7f44a7c504b3c3df09f44af2057a5	ELBA-2020-3921
	dovecot-2.2.36-6.el7.i686.rpm	9bd48a96f14ae63764bacd622c2aeb0c	ELBA-2020-3921
	dovecot-2.2.36-6.el7.x86_64.rpm	7c28e65bac8de5f89f647764fe58d533	ELBA-2020-3921
	dovecot-devel-2.2.36-6.el7.x86_64.rpm	e3db8be5b38939d69356f7bfb5305cdb	ELBA-2020-3921
	dovecot-mysql-2.2.36-6.el7.x86_64.rpm	ef45f557b052450f8cf032920eefaab9	ELBA-2020-3921
	dovecot-pgsql-2.2.36-6.el7.x86_64.rpm	3a37ed40accb00e60a5a17590c5df7f6	ELBA-2020-3921
	dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm	5fc4b66ba10a26647cef89d97b239767	ELBA-2020-3921

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team