CentOS Local Security Checks : CentOS: Security Advisory for dovecot (CESA-2020:3617)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883278

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for dovecot (CESA-2020:3617)

Resumen: The remote host is missing an update for the 'dovecot'; package(s) announced via the CESA-2020:3617 advisory.

Descripción: Summary:
The remote host is missing an update for the 'dovecot'
package(s) announced via the CESA-2020:3617 advisory.

Vulnerability Insight:
Dovecot is an IMAP server for Linux and other UNIX-like systems, written
primarily with security in mind. It also contains a small POP3 server, and
supports e-mail in either the maildir or mbox format. The SQL drivers and
authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts
(CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation
(CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'dovecot' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-12100
Debian Security Information: DSA-4745 (Google Search)
https://www.debian.org/security/2020/dsa-4745
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/
http://seclists.org/fulldisclosure/2021/Jan/18
https://security.gentoo.org/glsa/202009-02
https://dovecot.org/security
https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html
http://www.openwall.com/lists/oss-security/2020/08/12/1
http://www.openwall.com/lists/oss-security/2021/01/04/3
https://usn.ubuntu.com/4456-1/
https://usn.ubuntu.com/4456-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-12673
SuSE Security Announcement: openSUSE-SU-2020:1241 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html
SuSE Security Announcement: openSUSE-SU-2020:1262 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-12674

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883278
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for dovecot (CESA-2020:3617)
Resumen:	The remote host is missing an update for the 'dovecot'; package(s) announced via the CESA-2020:3617 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the CESA-2020:3617 advisory. Vulnerability Insight: Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100) * dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673) * dovecot: Crash due to assert in RPA implementation (CVE-2020-12674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'dovecot' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12100 Debian Security Information: DSA-4745 (Google Search) https://www.debian.org/security/2020/dsa-4745 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/ http://seclists.org/fulldisclosure/2021/Jan/18 https://security.gentoo.org/glsa/202009-02 https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html http://www.openwall.com/lists/oss-security/2020/08/12/1 http://www.openwall.com/lists/oss-security/2021/01/04/3 https://usn.ubuntu.com/4456-1/ https://usn.ubuntu.com/4456-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12673 SuSE Security Announcement: openSUSE-SU-2020:1241 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html SuSE Security Announcement: openSUSE-SU-2020:1262 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html Common Vulnerability Exposure (CVE) ID: CVE-2020-12674
Copyright	Copyright (C) 2020 Greenbone Networks GmbH