ALSA-2024:6529

[ALSA-2024:6529] Moderate: dovecot security update

Type:

security

Severity:

moderate

Release date:

2024-09-11

Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: using a large number of address headers may trigger a denial of service (CVE-2024-23184)
* dovecot: very large headers can cause resource exhaustion when parsing message (CVE-2024-23185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dovecot-pigeonhole-2.3.16-11.el9_4.1.aarch64.rpm	1a167189826bdd1d661f10fbb302e3e9ef845f9bb63e4c0f683be4df502d5894
aarch64	dovecot-pgsql-2.3.16-11.el9_4.1.aarch64.rpm	746950b5df9b93d4238340ea3c688542b37488d8a4daea797f354c8384f2830a
aarch64	dovecot-mysql-2.3.16-11.el9_4.1.aarch64.rpm	819c713166c8ceeb2dd1511beb4f5f2d2c4ab3d5a6e4ed857b54a73e9f7afc35
aarch64	dovecot-2.3.16-11.el9_4.1.aarch64.rpm	b80fb147aeb512470aecf17c86f243c98e8c67cdd450573a65d7c180fac91526
aarch64	dovecot-devel-2.3.16-11.el9_4.1.aarch64.rpm	e63d32e3b6c4c2ff632911daed9e65b0989885c7015f9d0b23503b9e3fddb120
i686	dovecot-devel-2.3.16-11.el9_4.1.i686.rpm	3c02fd1b5274bbe7d993df8315ba5fa12467c371c9f0ad67fd64d1c40a4564b7
i686	dovecot-2.3.16-11.el9_4.1.i686.rpm	6b18cc3a2eb81d23f0f033dfec9edbfaefa217280a25ea82adb1483b732fb46d
ppc64le	dovecot-2.3.16-11.el9_4.1.ppc64le.rpm	510fb235dd31bfefcae581dd2d7fa5d0ee92c069d9d75ac91c7eda004c2de6cf
ppc64le	dovecot-pgsql-2.3.16-11.el9_4.1.ppc64le.rpm	886ba6dc189521537d3c08d944c2669a6835cc15d232db9f2537fb7c88525d61
ppc64le	dovecot-devel-2.3.16-11.el9_4.1.ppc64le.rpm	9b50330f62c579e790bb4a4a0e533ab9cbc5b875fbe085b75f64844b47d43237
ppc64le	dovecot-mysql-2.3.16-11.el9_4.1.ppc64le.rpm	a00f5912a52752b2c345e702a63139d8490e52fb794168922a6953f7e8868ed8
ppc64le	dovecot-pigeonhole-2.3.16-11.el9_4.1.ppc64le.rpm	f3ec96ff8b04ef7958ac6f9e09c7d6891f68b983196767fbec015ccb6c4c1b05
s390x	dovecot-mysql-2.3.16-11.el9_4.1.s390x.rpm	415eeaffc476826d809b7676e9fd03b08c5d28868d597ead6bf1da23f2b3ce7f
s390x	dovecot-devel-2.3.16-11.el9_4.1.s390x.rpm	6fba7c12a902532f5116b61b3f905de2bbf7701b8041631129af2f1d26ed7c62
s390x	dovecot-pgsql-2.3.16-11.el9_4.1.s390x.rpm	d9ca3a2a839759d49df49863ce5eeed97908b5fa2249988fc27368706a64bf81
s390x	dovecot-pigeonhole-2.3.16-11.el9_4.1.s390x.rpm	db70d10736bb948c296a521eec1183e450237b1ce3df97397bce3a6cf735f5a3
s390x	dovecot-2.3.16-11.el9_4.1.s390x.rpm	fc71161a7ec261c53c2061aab1f747a5ba69ea956051108a9eb1430034be351e
x86_64	dovecot-pigeonhole-2.3.16-11.el9_4.1.x86_64.rpm	38baf6dd2ebba5e9916cdac3eddbb990a2a373b7d049572346fa13cf79684767
x86_64	dovecot-devel-2.3.16-11.el9_4.1.x86_64.rpm	71f1e54f81773cfb8437d1ccb0cd18ab4247ee2a4a85380f2b8bd05cc82f91e9
x86_64	dovecot-pgsql-2.3.16-11.el9_4.1.x86_64.rpm	a0bcd516d9929477198a9acb042e0b00aa591a5af4a4133ba9e5229d9705b5fb
x86_64	dovecot-mysql-2.3.16-11.el9_4.1.x86_64.rpm	add715085f1b322577b01d0b52ad74af0a37382265b1a97bf3a63b6634564824
x86_64	dovecot-2.3.16-11.el9_4.1.x86_64.rpm	d9b4263802392411b520e8fe03e8f77a14dfc3689518bb5a3407d7b4e5c377fb

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.