|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu: Security Advisory for dovecot (USN-4993-1)|
|Summary:||The remote host is missing an update for the 'dovecot' package(s) announced via the USN-4993-1 advisory.|
Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT
tokens. A local attacker could possibly use this issue to validate tokens
using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu

Fabian Ising and Damian Poddebniak discovered that Dovecot incorrectly
handled STARTTLS when using the SMTP submission service. A remote attacker
could possibly use this issue to inject plaintext commands before
STARTTLS negotiation. (CVE-2021-33515)
'dovecot' package(s) on Ubuntu 20.10, Ubuntu 20.04 LTS.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2021-29157
Common Vulnerability Exposure (CVE) ID: CVE-2021-33515
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|