Red Hat Security Advisory 2020-1062-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a buffer overflow vulnerability.
1517dbf1863f00fb4691f1e13a0cdc1507d4badbd0e6e5642066299d6a0fc9c0
Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.
ce3244367b87fcc80f3c1b30e2cd4f8e11bb766839c1f9b30ca32d7fdfb24186
Ubuntu Security Notice 3928-1 - It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges.
3c2320ae6736daa9c795d4a946c97ede8f4726472d37f7d90094b764077a9d2a
Debian Linux Security Advisory 4418-1 - A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS or pop3 migration plugins are affected.
5f7320a4f99efebe154199569271623544e4fc88c4a732369e2428dacd8a05c9