Security update for dovecot23
This update for dovecot23 fixes the following issue:
- CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559)
- CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625).
- CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Peter Varkoly (varkoly)
Fixed bugs
bnc#1145559
VUL-0: CVE-2019-11500: dovecot22, dovecot23: IMAP and ManageSieve protocol parsers do not properly handle NUL byte
bnc#1133624
VUL-0: CVE-2019-11494: dovecot23: Submission-login crashes over aborted/disconected authentication
bnc#1133625
VUL-0: CVE-2019-11499: dovecot23: Submission-login crashes over TLS authentication
