Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7013-1

Ubuntu Security Notice 7013-1 - It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service.

Packet Storm
#vulnerability#ubuntu#dos
==========================================================================Ubuntu Security Notice USN-7013-1September 16, 2024dovecot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Dovecot.Software Description:- dovecot: IMAP and POP3 email serverDetails:It was discovered that Dovecot incorrectly handled a large number ofaddress headers. A remote attacker could possibly use this issue to causeDovecot to consume resources, leading to a denial of service.(CVE-2024-23184)It was discovered that Dovecot incorrectly handled very large headers. Aremote attacker could possibly use this issue to cause Dovecot to consumeresources, leading to a denial of service. (CVE-2024-23185)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   dovecot-core                    1:2.3.16+dfsg1-3ubuntu2.4Ubuntu 20.04 LTS   dovecot-core                    1:2.3.7.2-1ubuntu3.7In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-7013-1   CVE-2024-23184, CVE-2024-23185Package Information:   https://launchpad.net/ubuntu/+source/dovecot/1:2.3.16+dfsg1-3ubuntu2.4   https://launchpad.net/ubuntu/+source/dovecot/1:2.3.7.2-1ubuntu3.7

Related news

Red Hat Security Advisory 2024-6529-03

Red Hat Security Advisory 2024-6529-03 - An update for dovecot is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-6529-03

Red Hat Security Advisory 2024-6529-03 - An update for dovecot is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and resource exhaustion vulnerabilities.

Ubuntu Security Notice USN-6982-1

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

Ubuntu Security Notice USN-6982-1

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

Debian Security Advisory 5752-1

Debian Linux Security Advisory 5752-1 - Two vulnerabilities have been discovered in the IMAP implementation of large headers can result in high CPU usage, leading to denial of service.

Debian Security Advisory 5752-1

Debian Linux Security Advisory 5752-1 - Two vulnerabilities have been discovered in the IMAP implementation of large headers can result in high CPU usage, leading to denial of service.

Dovecot IMAP Server 2.2 / 2.3 Denial Of Service

Dovecot IMAP server versions 2.2 and 2.3 suffer from denial of service and resource exhaustion vulnerabilities.

Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting

Dovecot IMAP server versions 2.2 and 2.3 have an issue where a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution