Debian alert DLA-1736-1 (dovecot)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1736-1] dovecot security update
Date: Fri, 29 Mar 2019 14:10:44 +0100
Message-ID: <2dbbe92b-b57f-1c4c-b79b-9f367dd1a393@debian.org>

Package        : dovecot
Version        : 1:2.2.13-12~deb8u6
CVE ID         : CVE-2019-7524

A security vulnerability was discovered in the Dovecot email server.
When reading FTS headers from the Dovecot index, the input buffer size
is not bounds-checked. An attacker with the ability to modify dovecot
indexes can take advantage of this flaw for privilege escalation or the
execution of arbitrary code with the permissions of the dovecot user.
Only installations using the FTS plugins are affected.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.2.13-12~deb8u6.

We recommend that you upgrade your dovecot packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS