Oval Definition:oval:org.opensuse.security:def:97168
Revision Date:2021-01-05Version:1
Title:Security update for dovecot23 (Important)
Description:

This update for dovecot23 fixes the following issues:

Security issues fixed:

- CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size (bsc#1174922). - CVE-2020-12674: Fixed an improper implementation of the RPA mechanism (bsc#1174923). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406).

Non-security issues fixed:

- Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3.
Family:unixClass:patch
Status:Reference(s):1174920
1174922
1174923
1180405
1180406
CVE-2020-12100
CVE-2020-12673
CVE-2020-12674
CVE-2020-24386
CVE-2020-25275
SUSE-SU-2021:0028-1
Platform(s):openSUSE Leap 15.3 SLE Imports
Product(s):
Definition Synopsis
  • openSUSE Leap 15.3 SLE Imports is installed
  • AND Package Information
  • dovecot23-2.3.11.3-17.5.1 is installed
  • OR dovecot23-backend-mysql-2.3.11.3-17.5.1 is installed
  • OR dovecot23-backend-pgsql-2.3.11.3-17.5.1 is installed
  • OR dovecot23-backend-sqlite-2.3.11.3-17.5.1 is installed
  • OR dovecot23-devel-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-lucene-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-solr-2.3.11.3-17.5.1 is installed
  • OR dovecot23-fts-squat-2.3.11.3-17.5.1 is installed
    • BACK