FEDORA-2020-cd8b8f887b created by mhlavink 2 months ago for Fedora 31
stable
CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.

How to install

sudo dnf upgrade --advisory=FEDORA-2020-cd8b8f887b

This update has been submitted for testing by mhlavink.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

This update can be pushed to stable now if the maintainer wishes

2 months ago

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago
BZ#1868539 CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts [fedora-all]
0
0
BZ#1868540 CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation [fedora-all]
0
0
BZ#1868541 CVE-2020-12674 dovecot: Crash due to assert in RPA implementation [fedora-all]
0
0

Automated Test Results