Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition.
Package | net-mail/dovecot on all architectures |
---|---|
Affected versions | < 2.3.11.3 |
Unaffected versions | >= 2.3.11.3 |
Dovecot is an open source IMAP and POP3 email server.
It was discovered that Dovecot incorrectly handled deeply nested MIME parts, incorrectly handled memory when using NTLM, and incorrectly handled zero-length messages.
A remote attacker could send a specially crafted mail or send specially crafted authentication requests possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All Dovecot users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.3.11.3"
Release date
September 06, 2020
Latest revision
September 06, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries