dovecot: Multiple vulnerabilities (CVE-2019-11494, CVE-2019-11499)
CVE-2019-11494: Submission-login crashes with signal 11 due to null
pointer access when authentication is
aborted by disconnecting. This can lead to denial-of-service attack by
persistent attacker(s).
Vulnerable version: 2.3.0 - 2.3.5.2
Fixed version: 2.3.6
Reference:
https://dovecot.org/list/dovecot-news/2019-April/000409.html
CVE-2019-11499: Submission-login crashes when authentication is
started over TLS secured channel and invalid
authentication message is sent. This can lead to denial-of-service
attack by persistent attacker(s).
Vulnerable version: 2.3.0 - 2.3.5.2
Fixed version: 2.3.6
Reference:
https://dovecot.org/list/dovecot-news/2019-April/000410.html
(from redmine: issue id 10386, created on 2019-05-02, closed on 2019-05-28)
- Relations:
- child #10387 (closed)
- child #10388 (closed)
- child #10389 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information