Dovecot CVE-2019-11500 updates

Posted by: mstauber Category: General

A vulnerability has been found in the Dovecot service. Updates for BlueOnyx 5207R, 5208R and 5209R have just been released.

The MITRE CVE dictionary describes this issue as:

In Dovecot before and 2.3.x before (and Pigeonhole before, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

To fix the issue we rolled up Dovecot v2.2.36.4 and released it as YUM updates for BlueOnyx 5207R, 5208R and 5209R. If you don't have daily YUM updates enabled, you are urged to run "yum clean all" and "yum update" to install the updated Dovecot RPMs.
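A post-update check, added here as an example and not part of the BlueOnyx announcement: it compares the version reported by `dovecot --version` with the fixed 2.2.36.4 build. The function names are this example's own, and versions outside the 2.2 line are reported as unknown because the post names no fixed build for them.

```shell
#!/bin/sh
# Added example: is the installed Dovecot at or above the fixed 2.2.36.4 build?
# version_ge and classify_dovecot are names made up for this example.

FIXED_22="2.2.36.4"   # fixed 2.2.x release, taken from the post

# version_ge A B: succeed when dotted numeric version A >= B.
# Components are compared as numbers, so 2.2.9 sorts below 2.2.36.
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        # A missing component counts as 0 (2.2.36 is 2.2.36.0).
        if [ -z "$x" ]; then x=0; fi
        if [ -z "$y" ]; then y=0; fi
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        # Drop the component just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# classify_dovecot "VERSION LINE": prints patched, vulnerable or unknown.
# Accepts the version optionally followed by a space and a build id.
classify_dovecot() {
    v=${1%% *}                                  # keep only the version field
    case $v in
        ''|*[!0-9.]*) echo unknown; return ;;   # not a plain dotted version
        2.2.*) ;;                               # the line this post covers
        *) echo unknown; return ;;              # no fixed build named here
    esac
    if version_ge "$v" "$FIXED_22"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Report on the local install when Dovecot is present.
if command -v dovecot >/dev/null 2>&1; then
    line=$(dovecot --version 2>/dev/null || true)
    echo "dovecot ${line:-?}: $(classify_dovecot "$line")"
fi
```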

More information about the vulnerability is available in the Red Hat Errata and on the Dovecot mailing list.

Sep 1, 2019 Category: General Posted by: mstauber