{"schema_version":"1.7.2","id":"OESA-2021-1042","modified":"2021-03-05T11:02:37Z","published":"2021-03-05T11:02:37Z","upstream":["CVE-2020-25275","CVE-2020-24386"],"summary":"dovecot security update","details":"\r\n\r\nSecurity Fix(es):\r\n\r\nDovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.(CVE-2020-25275)\r\n\r\nAn issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).(CVE-2020-24386)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"dovecot","purl":"pkg:rpm/openEuler/dovecot\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.10.1-4.oe1"}]}],"ecosystem_specific":{"aarch64":["dovecot-help-2.3.10.1-4.oe1.aarch64.rpm","dovecot-devel-2.3.10.1-4.oe1.aarch64.rpm","dovecot-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.aarch64.rpm","dovecot-help-2.3.10.1-4.oe1.aarch64.rpm","dovecot-devel-2.3.10.1-4.oe1.aarch64.rpm","dovecot-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.aarch64.rpm"],"src":["dovecot-2.3.10.1-4.oe1.src.rpm","dovecot-2.3.10.1-4.oe1.src.rpm"],"x86_64":["dovecot-help-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.x86_64.rpm","dovecot-devel-2.3.10.1-4.oe1.x86_64.rpm","dovecot-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.x86_64.rpm","dovecot-help-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.x86_64.rpm","dovecot-devel-2.3.10.1-4.oe1.x86_64.rpm","dovecot-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"dovecot","purl":"pkg:rpm/openEuler/dovecot\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.10.1-4.oe1"}]}],"ecosystem_specific":{"aarch64":["dovecot-help-2.3.10.1-4.oe1.aarch64.rpm","dovecot-devel-2.3.10.1-4.oe1.aarch64.rpm","dovecot-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.aarch64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.aarch64.rpm"],"src":["dovecot-2.3.10.1-4.oe1.src.rpm"],"x86_64":["dovecot-help-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debuginfo-2.3.10.1-4.oe1.x86_64.rpm","dovecot-devel-2.3.10.1-4.oe1.x86_64.rpm","dovecot-2.3.10.1-4.oe1.x86_64.rpm","dovecot-debugsource-2.3.10.1-4.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1042"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25275"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24386"}],"database_specific":{"severity":"High"}}