Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0557)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0557

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0557)

Zusammenfassung: The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2021-0557 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2021-0557 advisory.

Vulnerability Insight:
Updated dovecot packages fix security vulnerabilities:

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource
Consumption, as demonstrated by a situation with a complex regular
expression for the regex extension (CVE-2020-28200).

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access
to the local filesystem can trick OAuth2 authentication into using an HS256
validation key from an attacker-controlled location. This occurs during use
of local JWT validation with the posix fs driver (CVE-2021-29157).

The submission service in Dovecot before 2.3.15 allows STARTTLS command
injection in lib-smtp. Sensitive information can be redirected to an
attacker-controlled address (CVE-2021-33515).

Affected Software/OS:
'dovecot' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-28200
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/
https://dovecot.org/security
Common Vulnerability Exposure (CVE) ID: CVE-2021-29157
https://security.gentoo.org/glsa/202107-41
Common Vulnerability Exposure (CVE) ID: CVE-2021-33515
https://lists.debian.org/debian-lts-announce/2022/09/msg00032.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0557
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0557)
Zusammenfassung:	The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2021-0557 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2021-0557 advisory. Vulnerability Insight: Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension (CVE-2020-28200). Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver (CVE-2021-29157). The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address (CVE-2021-33515). Affected Software/OS: 'dovecot' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-28200 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/ https://dovecot.org/security Common Vulnerability Exposure (CVE) ID: CVE-2021-29157 https://security.gentoo.org/glsa/202107-41 Common Vulnerability Exposure (CVE) ID: CVE-2021-33515 https://lists.debian.org/debian-lts-announce/2022/09/msg00032.html
Copyright	Copyright (C) 2022 Greenbone AG