Oval Definition:oval:org.opensuse.security:def:109419
Revision Date:2021-01-05Version:1
Title:Security update for dovecot23 (Important)
Description:

This update for dovecot23 fixes the following issues:

Security issues fixed:

- CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size (bsc#1174922). - CVE-2020-12674: Fixed an improper implementation of the RPA mechanism (bsc#1174923). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406).

Non-security issues fixed:

- Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3.
Family:unixClass:patch
Status:Reference(s):1174920
1174922
1174923
1180405
1180406
CVE-2020-12100
CVE-2020-12673
CVE-2020-12674
CVE-2020-24386
CVE-2020-25275
SUSE-SU-2021:0028-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • dovecot23-2.3.11.3-17.5.1 is installed
  • OR dovecot23-backend-mysql-2.3.11.3-17.5.1 is installed
  • OR dovecot23-backend-pgsql-2.3.11.3-17.5.1 is installed
  • OR dovecot23-backend-sqlite-2.3.11.3-17.5.1 is installed
  • OR dovecot23-devel-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-lucene-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-solr-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-squat-2.3.11.3-17.5.1 is installed
    • BACK