Package "dovecot"

Name:	dovecot
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: secure POP3/IMAP server - core files secure POP3/IMAP server - header files secure POP3/IMAP server - IMAP daemon secure POP3/IMAP server - POP3 daemon
Latest version:	1:2.3.16+dfsg1-3ubuntu2.4
Release:	jammy (22.04)
Level:	security
Repository:	main

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "dovecot" in Jammy

Repository	Area	Version
base	main	1:2.3.16+dfsg1-3ubuntu2
base	universe	1:2.3.16+dfsg1-3ubuntu2
security	universe	1:2.3.16+dfsg1-3ubuntu2.4
updates	main	1:2.3.16+dfsg1-3ubuntu2.4
updates	universe	1:2.3.16+dfsg1-3ubuntu2.4

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 1:2.3.16+dfsg1-3ubuntu2.4 2024-09-16 15:07:07 UTC

dovecot (1:2.3.16+dfsg1-3ubuntu2.4) jammy-security; urgency=medium * SECURITY UPDATE: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive - debian/patches/CVE-2024-23184-1.patch: fix dllist2 test name in src/lib/test-llist.c. - debian/patches/CVE-2024-23184-2.patch: add DLLIST2_JOIN() in src/lib/llist.h, src/lib/test-llist.c. - debian/patches/CVE-2024-23184-3.patch: use test_assert_idx() where possible in src/lib-imap/test-imap-envelope.c. - debian/patches/CVE-2024-23184-4.patch: change message_address to be doubly linked list in src/lib-imap/imap-envelope.c, src/lib-mail/message-address.c, src/lib-mail/message-address.h, src/lib-mail/test-message-address.c. - debian/patches/CVE-2024-23184-5.patch: add message_address_parse_full() and struct message_address_list in src/lib-mail/message-address.c, src/lib-mail/message-address.h, src/lib-mail/test-message-address.c. - debian/patches/CVE-2024-23184-6.patch: optimize parsing large number of address headers in src/lib-imap/imap-envelope.c, src/lib-mail/message-part-data.c, src/lib-mail/message-part-data.h, src/lib-storage/index/index-search-mime.c. - CVE-2024-23184 * SECURITY UPDATE: Very large headers can cause resource exhaustion when parsing message - debian/patches/CVE-2024-23185-1.patch: limit header block to 10MB by default in src/lib-mail/message-header-parser.c, src/lib-mail/message-header-parser.h, src/lib-mail/test-message-header-parser.c. - debian/patches/CVE-2024-23185-2.patch: limit headers total count to 50MB by default in src/lib-mail/message-parser-private.h, src/lib-mail/message-parser.c, src/lib-mail/message-parser.h, src/lib-mail/test-message-parser.c. - CVE-2024-23185 * Note: This package does _not_ contain the changes from 1:2.3.16+dfsg1-3ubuntu2.3 in jammy-proposed. -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2024 07:54:46 -0400

Source diff to previous version

CVE-2024-23184	Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12
CVE-2024-23185	Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. Howe

Version: 1:2.3.16+dfsg1-3ubuntu2.1 2022-07-11 15:06:45 UTC

dovecot (1:2.3.16+dfsg1-3ubuntu2.1) jammy-security; urgency=medium * SECURITY UPDATE: privilege escalation via multiple passdbs - debian/patches/CVE-2022-30550.patch: fix handling passdbs with identical driver/args but different mechanisms/username_filter in src/auth/auth-request.c, src/auth/auth.c, src/auth/auth.h, src/auth/passdb.c, src/auth/passdb.h. - CVE-2022-30550 -- Marc Deslauriers <email address hidden> Thu, 07 Jul 2022 13:13:40 -0400

CVE-2022-30550

Privilege escalation possible in dovecot when imilar master and non-master passdbs are used

About - Send Feedback to @ubuntu_updates

Package "dovecot"

Links

Other versions of "dovecot" in Jammy

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

proposed

security

PPA updates