MK
2019-Sep-02 08:01 UTC
AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Good Morning List, just a short question to this vulnerability. We are using a setup with dovecot redirector/proxy frontend servers and some backend server, which store the mailboxes. Is it anough to update the frontend servers if I like to fix the the vulnerability? greetings, Oliver
Sami Ketola
2019-Sep-02 08:35 UTC
CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
> On 2 Sep 2019, at 11.01, MK via dovecot <dovecot at dovecot.org> wrote: > > Good Morning List, > > just a short question to this vulnerability. We are using a setup with dovecot redirector/proxy frontend servers > and some backend server, which store the mailboxes. > Is it anough to update the frontend servers if I like to fix the the vulnerability?No. Sami
MK
2019-Sep-02 09:51 UTC
AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
>> On 2 Sep 2019, at 11.01, MK via dovecot <dovecot at dovecot.org> wrote: >> >> Good Morning List, >> >> just a short question to this vulnerability. We are using a setup with dovecot redirector/proxy frontend servers >> and some backend server, which store the mailboxes. >> Is it anough to update the frontend servers if I like to fix the the vulnerability?>No. > >SamiThanks. Do I understand this correct that updating the frontends fixes only the vulnerability for anonymous requests and for users logged in the vulnerability still exists if I don't update the backend servers? Oliver
Possibly Parallel Threads
- AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
- AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
- CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
- CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
- CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole