ALSA-2024:6973

[ALSA-2024:6973] Moderate: dovecot security update

Type:

security

Severity:

moderate

Release date:

2024-09-24

Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: using a large number of address headers may trigger a denial of service (CVE-2024-23184)
* dovecot: very large headers can cause resource exhaustion when parsing message (CVE-2024-23185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dovecot-pigeonhole-2.3.16-6.el8_10.aarch64.rpm	1956b0d6e99c824fc6233dc9cf1ac85340a9c215a688244db1eb68c9d1d5e54f
aarch64	dovecot-pgsql-2.3.16-6.el8_10.aarch64.rpm	7e254695f4b2bbdbc9b62d903d7e327c3011f87666e8760c2afa35322954f525
aarch64	dovecot-mysql-2.3.16-6.el8_10.aarch64.rpm	c06c8bff183df6a875a8ec06a35b5ca90fb4a9f0dc3a16eb0de11e39606c89cb
aarch64	dovecot-2.3.16-6.el8_10.aarch64.rpm	d606f9bcc0469e963ceb5bc0030e9d9ca6d247a2eb9ad031e71d201b3e6e4b4c
aarch64	dovecot-devel-2.3.16-6.el8_10.aarch64.rpm	e2a2b03e0c360f624ade1437314b23f795e6cd366edc83b2b3d8ebe5a3f23da6
i686	dovecot-devel-2.3.16-6.el8_10.i686.rpm	17094f68aa03ac4fd1224d145c5dca27d8b3a590e85fff7b0419efdd593ef21d
i686	dovecot-2.3.16-6.el8_10.i686.rpm	435fb52d6cd6c86bc40506a1a7887954544c4db8ffc594be803321c86a8c3f40
ppc64le	dovecot-pigeonhole-2.3.16-6.el8_10.ppc64le.rpm	0957189077ed9d0a11b823cd9b3cc0695267ecd04db7d702b838306278af6dbb
ppc64le	dovecot-pgsql-2.3.16-6.el8_10.ppc64le.rpm	0cff0fe9e905994f0c8746bbefd87c92bd3d4d9b91b5edc987832b9db16c7dee
ppc64le	dovecot-2.3.16-6.el8_10.ppc64le.rpm	7b27cbcffc938ff75e7f482c47c8b4fd0f9f2207dd3321879833e24bb5e5d69d
ppc64le	dovecot-devel-2.3.16-6.el8_10.ppc64le.rpm	bbecf05bb28efad6285b03264bc4197892247cc6acde6f122b045d21e2762864
ppc64le	dovecot-mysql-2.3.16-6.el8_10.ppc64le.rpm	f4ace612ae10a321d8f22c1b391a245892a30ab3b36a86980f1d8e72116e37d0
s390x	dovecot-pigeonhole-2.3.16-6.el8_10.s390x.rpm	0061e7f23ac3949a84754a7067815856f8608ec1fec7ba730565cdb86234e554
s390x	dovecot-2.3.16-6.el8_10.s390x.rpm	3bd7d8c7c9116eb08ce0459c2d5a3f45c3aa864c1f200563f7dfea400da08537
s390x	dovecot-devel-2.3.16-6.el8_10.s390x.rpm	b88ce76d9b90b599dce3eebb3c7b05e5c51f5b59b05dac27efdbcc85d1ae90b5
s390x	dovecot-pgsql-2.3.16-6.el8_10.s390x.rpm	b8ad3608e41a212f643a3a1b84f2c686240d2fe71614aab31d586b01c0101924
s390x	dovecot-mysql-2.3.16-6.el8_10.s390x.rpm	e860eed009360399abb29d8fe38709911526ee0960620c31b8555f05961431f7
x86_64	dovecot-devel-2.3.16-6.el8_10.x86_64.rpm	73c541b137a06362c21e12eb56f58bc332f65cf772c9fedee0b6a6442a20164f
x86_64	dovecot-pgsql-2.3.16-6.el8_10.x86_64.rpm	8b9c28c29788e6727479e52d1ab4b138529329a840321676eeac0c03ec677d8a
x86_64	dovecot-mysql-2.3.16-6.el8_10.x86_64.rpm	a11d383e40da6e447cd0554c77660f61cf663687907c0d770c3dc58c0bdf0ca7
x86_64	dovecot-pigeonhole-2.3.16-6.el8_10.x86_64.rpm	a3f9c939fcf6baf047ac9c05f6bb82c1c0a24ddc232bae91006f2faf9db665c5
x86_64	dovecot-2.3.16-6.el8_10.x86_64.rpm	fe4c37e0b9836285c14515f82105ef5bd7f65eb00701a270a3f4ff802a2bd8fa

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.