Zwei Probleme in Dovecot
ID: | 201904-19 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Do, 18. April 2019, 07:08 |
Referenzen: | https://nvd.nist.gov/vuln/detail/CVE-2019-7524
https://nvd.nist.gov/vuln/detail/CVE-2019-3814 |
Applikationen: | dovecot |
Originalnachricht |
|
--UFRfxei4j9xfgtfb Content-Type: text/plain; charset=utf-8 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201904-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dovecot: Multiple vulnerabilities Date: April 17, 2019 Bugs: #677350, #681922 ID: 201904-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Background ========== Dovecot is an open source IMAP and POP3 email server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/dovecot < 2.3.5.1 >= 2.3.5.1 Description =========== Multiple vulnerabilities have been discovered in Dovecot. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details Workaround ========== There is no known workaround at this time. Resolution ========== All Dovecot users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.3.5.1" References ========== [ 1 ] CVE-2019-3814 https://nvd.nist.gov/vuln/detail/CVE-2019-3814 [ 2 ] CVE-2019-7524 https://nvd.nist.gov/vuln/detail/CVE-2019-7524 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201904-19 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --UFRfxei4j9xfgtfb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAly3cZIACgkQpRQw84X1 dt2YUwgAjia1hAF2Egl+X7nW4CnyDqMiw4Ipx+XldzOj6/rnx/f/L9Dg7nOz0okv LLZV5beqAXDzh3C3b+e8T0Jnyu4o4oN4VcgyJp/vQrB87OwAT9h1vZolplqDMIGm SLel7b6yIVHFdn+BOjSnRSK25cut8Vs5Ts6lpMLW3I1LrnZ7ezwc8NAXbDBGxfxP 2KJtRzOMgj0Ab+dsPcT5asvXwoQiywKfpaWkdaSHCSyPo2kVTukivdtWDX6bnATB jhdW655/Msqw3mwDdjFtC/C5c5k+fl757dNUZHzXuxNiZZK8PCseFxRV3RN+55eS iHsiIbnI1D/QwX2rgrJwMZ5MtAtgHw== =4+lL -----END PGP SIGNATURE----- --UFRfxei4j9xfgtfb-- |