Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0330)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0330

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0330)

Resumen: The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2020-0330 advisory.

Descripción: Summary:
The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2020-0330 advisory.

Vulnerability Insight:
CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource
exhaustion as Dovecot attempts to parse it.
CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message
buffer size, which leads to reading past allocation which can lead to crash.
CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length
message, which leads to assert-crash later on.

Affected Software/OS:
'dovecot' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-12100
Debian Security Information: DSA-4745 (Google Search)
https://www.debian.org/security/2020/dsa-4745
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/
http://seclists.org/fulldisclosure/2021/Jan/18
https://security.gentoo.org/glsa/202009-02
https://dovecot.org/security
https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html
http://www.openwall.com/lists/oss-security/2020/08/12/1
http://www.openwall.com/lists/oss-security/2021/01/04/3
https://usn.ubuntu.com/4456-1/
https://usn.ubuntu.com/4456-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-12673
SuSE Security Announcement: openSUSE-SU-2020:1241 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html
SuSE Security Announcement: openSUSE-SU-2020:1262 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-12674

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0330
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0330)
Resumen:	The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2020-0330 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dovecot' package(s) announced via the MGASA-2020-0330 advisory. Vulnerability Insight: CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. Affected Software/OS: 'dovecot' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12100 Debian Security Information: DSA-4745 (Google Search) https://www.debian.org/security/2020/dsa-4745 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/ http://seclists.org/fulldisclosure/2021/Jan/18 https://security.gentoo.org/glsa/202009-02 https://dovecot.org/security https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html http://www.openwall.com/lists/oss-security/2020/08/12/1 http://www.openwall.com/lists/oss-security/2021/01/04/3 https://usn.ubuntu.com/4456-1/ https://usn.ubuntu.com/4456-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12673 SuSE Security Announcement: openSUSE-SU-2020:1241 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html SuSE Security Announcement: openSUSE-SU-2020:1262 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html Common Vulnerability Exposure (CVE) ID: CVE-2020-12674
Copyright	Copyright (C) 2022 Greenbone AG