ELSA-2020-4763

ELSA-2020-4763 - dovecot security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2020-11-10

Description

[1:2.3.8-4]
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)

[1:2.3.8-3]
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
leads to use-after-free (#1840357)
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
leads to DoS (#1840356)

Related CVEs

CVE-2020-10958

CVE-2020-10967

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 8 (aarch64)	dovecot-2.3.8-4.el8.src.rpm	41651e33555cc5ba51d2eb9245b1df4e	-
	dovecot-2.3.8-4.el8.aarch64.rpm	03d0b62ca572c49d0f89247ecff4911a	-
	dovecot-devel-2.3.8-4.el8.aarch64.rpm	750d606a285fc5a42c1e085c405156be	-
	dovecot-mysql-2.3.8-4.el8.aarch64.rpm	f2ecbddc26d837049214ad50202a72e6	-
	dovecot-pgsql-2.3.8-4.el8.aarch64.rpm	4035e8559c0672b81d357b32037ca42c	-
	dovecot-pigeonhole-2.3.8-4.el8.aarch64.rpm	b8ec1eaacdc7ff1c87c5beef240dfe6e	-
Oracle Linux 8 (x86_64)	dovecot-2.3.8-4.el8.src.rpm	41651e33555cc5ba51d2eb9245b1df4e	-
	dovecot-2.3.8-4.el8.i686.rpm	a21733391be49897fa3b71a8014cfcc9	-
	dovecot-2.3.8-4.el8.x86_64.rpm	efb8753d8c50db7f32c6c753e0ea26db	-
	dovecot-devel-2.3.8-4.el8.i686.rpm	796ffd8f50dcb855fa4a08227a445711	-
	dovecot-devel-2.3.8-4.el8.x86_64.rpm	62f3306316ca74d7b54de40d12e8f2fd	-
	dovecot-mysql-2.3.8-4.el8.x86_64.rpm	1256d4f51fa3dcea0401bd0439388d84	-
	dovecot-pgsql-2.3.8-4.el8.x86_64.rpm	c29d787568671cb5270a7cdd870393a9	-
	dovecot-pigeonhole-2.3.8-4.el8.x86_64.rpm	c0e77c3900c52f1ea6e1ddd99ba3136b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team