Dovecot CVE-2019-11500 updates

01Sep 2019Posted by: mstauberCategory: General

A vulnerability has been found in the Dovecot service. Updates for BlueOnyx 5207R, 5208R and 5209R have just been released.

The MITRE CVE dictionary describes this issue as:

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '

BlueOnyx Linux Server Appliance

Powerful, secure, and easy-to-use web hosting and email server.
Built on AlmaLinux, designed for professionals.

Download Now Documentation

Welcome to BlueOnyx

Your complete open-source Linux server solution

BlueOnyx is a Linux distribution based on AlmaLinux, Rocky Linux and RHEL. It provides a web-based interface for managing web, email, DNS and other services.

Key Features

Easy Management

Web-based GUI for all server management tasks. No command line required.

Secure by Default

Built-in firewall, SSL/TLS support, and security updates.

Email Server

Complete email solution with webmail, spam filtering, and virus protection.

Virtual Sites

Host multiple websites with independent configurations and users.

© 2008-2026 BlueOnyx Project. All rights reserved.

' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

To fix the issue we rolled up Dovecot v2.2.36.4 and released them as YUM updates for BlueOnyx 5207R, 5208R and 5209R. If you don't have daily YUM updates enabled, then you are urged to run "yum clean all" and "yum update" to install the updated Dovecot RPMs.

More information about the vulnerability is available in the RedHat Errata and on the Dovecot mailing list.

Sep 01, 2019 Category: General Posted by: mstauber
← Return