UbuntuUpdates.org

Package "dovecot"

Name: dovecot

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • secure POP3/IMAP server - core files
  • secure POP3/IMAP server - debug symbols
  • secure POP3/IMAP server - header files
  • secure POP3/IMAP server - IMAP daemon

Latest version: 1:2.2.9-1ubuntu2.6
Release: trusty (14.04)
Level: updates
Repository: main


Other versions of "dovecot" in Trusty

Repository  Area      Version
base        main      1:2.2.9-1ubuntu2
base        universe  1:2.2.9-1ubuntu2
security    main      1:2.2.9-1ubuntu2.6
security    universe  1:2.2.9-1ubuntu2.6
updates     universe  1:2.2.9-1ubuntu2.6


Changelog

Version: 1:2.2.9-1ubuntu2.6 2019-04-01 14:06:14 UTC

  dovecot (1:2.2.9-1ubuntu2.6) trusty-security; urgency=medium

  * SECURITY UPDATE: stack overflow when reading FTS or POP3-UIDL header
    - debian/patches/CVE-2019-7524-2.patch: fix buffer overflow when
      reading oversized fts header in src/plugins/fts/fts-api.c.
    - CVE-2019-7524

 -- Marc Deslauriers <email address hidden> Fri, 29 Mar 2019 08:03:10 -0400

CVE-2019-7524 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to

Version: 1:2.2.9-1ubuntu2.5 2019-02-05 15:06:56 UTC

  dovecot (1:2.2.9-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect client certificate validation
    - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate
      username in src/auth/auth-request.c.
    - debian/patches/CVE-2019-3814-2.patch: fail authentication if
      certificate username was unexpectedly missing in
      src/auth/auth-request-handler.c.
    - debian/patches/CVE-2019-3814-3.patch: ensure we get username from
      certificate in src/login-common/sasl-server.c.
    - CVE-2019-3814

 -- Marc Deslauriers <email address hidden> Mon, 28 Jan 2019 08:53:54 -0500

CVE-2019-3814 Suitable client certificate can be used to login as other user

Version: 1:2.2.9-1ubuntu2.4 2018-03-05 14:07:37 UTC

  dovecot (1:2.2.9-1ubuntu2.4) trusty-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2018 09:31:36 -0500

CVE-2017-14461 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive info
CVE-2017-15130 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration

Version: 1:2.2.9-1ubuntu2.3 2018-02-01 21:06:41 UTC

  dovecot (1:2.2.9-1ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
      src/lib-auth/auth-server-connection.c,
      src/lib-auth/auth-serser-connection.h.
    - CVE-2017-15132

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Jan 2018 12:54:53 -0300

CVE-2017-15132 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by log

Version: 1:2.2.9-1ubuntu2.1 2014-05-15 16:07:25 UTC

  dovecot (1:2.2.9-1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via SSL connection exhaustion
    - debian/patches/CVE-2014-3430.patch: properly close connections in
      src/login-common/client-common.c,
      src/login-common/ssl-proxy-openssl.c,
      src/login-common/ssl-proxy.h.
    - CVE-2014-3430

 -- Marc Deslauriers <email address hidden> Wed, 14 May 2014 13:14:05 -0400

CVE-2014-3430 dovecot: DoS


