Dovecot CVE-2019-11500 updates
A vulnerability has been found in the Dovecot service. Updates for BlueOnyx 5207R, 5208R and 5209R have just been released.
The MITRE CVE dictionary describes this issue as:
In Dovecot before 18.104.22.168 and 2.3.x before 22.214.171.124 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
To fix the issue we rolled up Dovecot v126.96.36.199 and released them as YUM updates for BlueOnyx 5207R, 5208R and 5209R. If you don't have daily YUM updates enabled, then you are urged to run "yum clean all" and "yum update" to install the updated Dovecot RPMs.