Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2019.0414.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2019:0414-1)
Zusammenfassung:The remote host is missing an update for the 'dovecot23' package(s) announced via the SUSE-SU-2019:0414-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'dovecot23' package(s) announced via the SUSE-SU-2019:0414-1 advisory.

Vulnerability Insight:
This update for dovecot23 fixes the following issues:

dovecot was updated to 2.3.3 release, bringing lots of bugfixes
(bsc#1124356).

Also the following security issue was fixed:
CVE-2019-3814: A vulnerability in Dovecot related to SSL client
certificate authentication was fixed (bsc#1123022)

The package changes:

Updated pigeonhole to 0.5.3:
Fix assertion panic occurring when managesieve service fails to
open INBOX while saving a Sieve script. This was caused by a lack of
cleanup after failure.

Fix specific messages causing an assert panic with actions that compose
a reply (e.g. vacation). With some rather weird input from the original
message, the header folding algorithm (as used for composing the
References header for the reply) got confused, causing the panic.

IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing.
After finishing reading the Sieve script, the command parsing sometimes
didn't continue with the search arguments. This is a time- critical bug
that likely only occurs when the Sieve script is sent in the next TCP
frame.

dovecot23 was updated to 2.3.3:
doveconf hides more secrets now in the default output.

ssl_dh setting is no longer enforced at startup. If it's not set and
non-ECC DH key exchange happens, error is logged and client is
disconnected.

Added log_debug= setting.

Added log_core_filter= setting.

quota-clone: Write to dict asynchronously

--enable-hardening attempts to use retpoline Spectre 2 mitigations

lmtp proxy: Support source_ip passdb extra field.

doveadm stats dump: Support more fields and output stddev by default.

push-notification: Add SSL support for OX backend.

NUL bytes in mail headers can cause truncated replies when fetched.

director: Conflicting host up/down state changes may in some rare
situations ended up in a loop of two directors constantly
overwriting each others' changes.

director: Fix hang/crash when multiple doveadm commands are being
handled concurrently.

director: Fix assert-crash if doveadm disconnects too early

virtual plugin: Some searches used 100% CPU for many seconds

dsync assert-crashed with acl plugin in some situations. (bsc#1119850)

mail_attachment_detection_options=add-flags-on-save assert-crashed with
some specific Sieve scripts.

Mail snippet generation crashed with mails containing invalid
Content-Type:multipart header.

Log prefix ordering was different for some log lines.

quota: With noenforcing option current quota usage wasn't updated.

auth: Kerberos authentication against Samba assert-crashed.

stats clients were unnecessarily chatty with the stats server.

imapc: Fixed various assert-crashes when reconnecting to server.

lmtp, submission: Fix potential crash if client disconnects while
handling a command.

quota: Fixed compiling with glibc-2.26 / support libtirpc.

fts-solr: Empty search values resulted in 400 Bad Request errors

fts-solr: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'dovecot23' package(s) on SUSE Linux Enterprise Module for Server Applications 15.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-3814
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/
https://security.gentoo.org/glsa/201904-19
https://www.dovecot.org/list/dovecot/2019-February/114575.html
RedHat Security Advisories: RHSA-2019:3467
https://access.redhat.com/errata/RHSA-2019:3467
SuSE Security Announcement: openSUSE-SU-2019:1220 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.