ELSA-2020-4763

ULN >
Oracle Linux Errata repository >
ELSA-2020-4763

ELSA-2020-4763 - dovecot security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2020-11-10

Description

[1:2.3.8-4]
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)

[1:2.3.8-3]
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
leads to use-after-free (#1840357)
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
leads to DoS (#1840356)

Related CVEs

CVE-2020-10958

CVE-2020-10967

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	dovecot-2.3.8-4.el8.src.rpm	468a54d3ed1fdc08cc9a7d298bf76d7853b37f5710d266bec920ab6e967476b5	-	ol8_aarch64_appstream
	dovecot-2.3.8-4.el8.src.rpm	468a54d3ed1fdc08cc9a7d298bf76d7853b37f5710d266bec920ab6e967476b5	-	ol8_aarch64_codeready_builder
	dovecot-2.3.8-4.el8.aarch64.rpm	336712005e2f0e45cb104f1d0e48554bcc188cf92f59d7b3dbfc649f4a8d73bc	-	ol8_aarch64_appstream
	dovecot-devel-2.3.8-4.el8.aarch64.rpm	1aca4140abac5eb10d8ebdb447bc9db78ca4805e0002e3377ecfd8c84f29e3d9	-	ol8_aarch64_codeready_builder
	dovecot-mysql-2.3.8-4.el8.aarch64.rpm	4109249f552d80ecf9b4cbae6c41b68e36d208fad38eb75cdf23cd6a498bffac	-	ol8_aarch64_appstream
	dovecot-pgsql-2.3.8-4.el8.aarch64.rpm	ddc6a8ac3079437e01ef838ee4c099dab1e9db4ffcd912a5c1be58135af52248	-	ol8_aarch64_appstream
	dovecot-pigeonhole-2.3.8-4.el8.aarch64.rpm	a171082d1bf4163a16d669b5ca4067bbf0f34505ecaedef389ba0a254c09b1f4	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	dovecot-2.3.8-4.el8.src.rpm	468a54d3ed1fdc08cc9a7d298bf76d7853b37f5710d266bec920ab6e967476b5	-	ol8_x86_64_appstream
	dovecot-2.3.8-4.el8.src.rpm	468a54d3ed1fdc08cc9a7d298bf76d7853b37f5710d266bec920ab6e967476b5	-	ol8_x86_64_codeready_builder
	dovecot-2.3.8-4.el8.i686.rpm	773de137630cce1dc79162a8bfcf04300f865312287140c769f64dfb08fd9371	-	ol8_x86_64_codeready_builder
	dovecot-2.3.8-4.el8.x86_64.rpm	2eb4652bdf5fb1cc2d7294576e2de281ffebeb26e859b46e94c5653bc48d69ff	-	ol8_x86_64_appstream
	dovecot-devel-2.3.8-4.el8.i686.rpm	9197ed6405acb1391a7bbd7a817426efc75d0a6246428295170cd519c34f63a2	-	ol8_x86_64_codeready_builder
	dovecot-devel-2.3.8-4.el8.x86_64.rpm	f65552c6dcad149d1bd7b879338f419bdf276a53779869af1567042d227a91c4	-	ol8_x86_64_codeready_builder
	dovecot-mysql-2.3.8-4.el8.x86_64.rpm	93e264e7ef58571de03ea01b327762f9b237990569199a4dc5244cfab711d7f1	-	ol8_x86_64_appstream
	dovecot-pgsql-2.3.8-4.el8.x86_64.rpm	bac1e5e0a741a561a6d34785dd044137b4c16a21a9de9f8c49d4a04e3b116f4c	-	ol8_x86_64_appstream
	dovecot-pigeonhole-2.3.8-4.el8.x86_64.rpm	bde8761114901c72d04e2e1257f74dd490e85a3a512090cc00f35111fbac16f8	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691