similar to: v2.3.5.2 released

Aki Tuomi via dovecot skrev den 2019-04-18 11:35: > ??? * CVE-2019-10691: Trying to login with 8bit username containing > ??? ? invalid UTF8 input causes auth process to crash if auth policy is > ??? ? enabled. This could be used rather easily to cause a DoS. Similar > ??? ? crash also happens during mail delivery when using invalid UTF8 > in > ??? ? From or Subject header when

https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki

https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki

> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote: > The three most common attack vectors, (and attack volumes have never been higher) are: > > * Sniffed unencrypted credentials > (Assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exposed from another site's breach > (Users WANT to

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

On 03/25/15 13:03, Benny Pedersen wrote: > Brad Smith skrev den 2015-03-25 16:58: >> On 03/25/15 08:46, Peter Chiochetti wrote: >>> Am 25.03.2015 um 13:23 schrieb Nick Edwards: >>>> So there *is* a chance it will be commercialised >>> Hasn't it been commercial for a long time? >> When was the last time you paid for Dovecot? The base product is

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 30 April 2019 21:06 @lbutlr via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. *

Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. *

OS: Debian Lenny (kernel 2.6.26-2-686 Shorewall: 4.0.15 (installed from Debian repository) I have an FTP server behind Debian system I am using for a firewall and I am wanting to use Shorewall on it (the Debian firewall). Following the instructions for configuring FTP (at <http://www.shorewall.net/FTP.html>), I have the following rule in my /etc/shorewall/rules file: FTP(DNAT) net

Hi, I'm trying to set Weakforced with Dovecot and I cannot log in policy server. This is the config: /root/weakforced/wforce/wforce.conf ----------------------------------- ... webserver("0.0.0.0:8084", "super") ... /etc/dovecot/conf.d/95-policy.conf ---------------------------------- auth_policy_server_url = http://localhost:8084/ #auth_policy_hash_nonce = wforce:super

Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP

Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any

when I run console with ruby 1.9.1 and rails 2.3.2, and trying to do something like User.first.name.encoding I''m getting #<Encoding:ASCII-8BIT>, though I''ve set "encoding: utf8" in database.yml any suggestions? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails:

Hello, I have in my db a register what have special characters, and when I try to put on my form to edit this values, this happens: incompatible character encodings: UTF-8 and ASCII-8BIT Extracted source (around line #4): 1: <%= form_for :group, :url => { :action => "update" } do |f| %> 2: <%= utf8_enforcer_tag %> 3: <label>Nome do grupo</label>

> dovecot supports sieve, so why the need for procmail ? Because I already HAVE procmail recipes and know proemial. The point is to make what I have, work. > On Nov 9, 2015, at 22:49, Benny Pedersen <me at junc.eu> wrote: > > On November 10, 2015 6:36:00 AM Vicki Brown <vlb at cfcl.com> wrote: > >> Can anyone help? > > dovecot supports sieve, so why

Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? Thanks, -Terry iPhone says Hello World! > On Sep 16, 2015, at 6:31 PM, Benny Pedersen <me at junc.eu> wrote: > > Terry Barnum skrev den 2015-09-17 02:32: > >> I've

I've been playing with weakforced, so it fills in the 'fail2ban across a cluster' niche (not to mention RBLs). It seems to work well, once you've actually read the docs :) I was curious if anyone had played with it and was *very* curious if anyone was using it in high traffic production. Getting things to 'work' versus getting them to work *and* handle a couple hundred

Hi All I'm using dovecot 2.0.16 with the pigeonhole plugin 0.25. I'm trying to use the notifiy mechanism from sieve to send notifications when a mail arrives in the mailbox. The message is checked to be a 8bit message, otherwise it is replaced by the default message "Notification of new message." How can I create a 8bit message body within the sieve script that is accepted