Displaying 20 results from an estimated 300 matches similar to: "CVE-2016-8562 in dovecot"
2016 Dec 02
2
CVE-2016-8652 in dovecot
On 02.12.2016 10:45, Jonas Wielicki wrote:
> On Friday, 2 December 2016 09:00:58 CET Aki Tuomi wrote:
>> We are sorry to report that we have a bug in dovecot, which merits a
>> CVE. See details below. If you haven't configured any auth_policy_*
>> settings you are ok. This is fixed with
>> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13
2016 Dec 03
2
CVE-2016-8652 in dovecot
On 03/12/2016 12:08, Jeremiah C. Foster wrote:
> On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
> On 02.12.2016 10:45, Jonas Wielicki wrote: On Friday, 2 December 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which
> merits a
> CVE. See details below. If you haven't configured any
> auth_policy_*
> settings you are ok. This
2016 Dec 03
2
CVE-2016-8652 in dovecot
> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote:
>
>
> On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote:
> > On 03/12/2016 12:08, Jeremiah C. Foster wrote:
> >
> > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
> > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Friday, 2.
2016 Dec 05
0
CVE-2016-8562 in dovecot
* Aki Tuomi wrote on 02.12.16 at 08:00:
Hi Aki,
> We are sorry to report that we have a bug in dovecot, which merits a
> CVE. See details below. If you haven't configured any auth_policy_*
> settings you are ok. This is fixed with
> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae
> and
>
2016 Dec 02
0
CVE-2016-8562 in dovecot
On Friday, 2 December 2016 09:00:58 CET Aki Tuomi wrote:
> We are sorry to report that we have a bug in dovecot, which merits a
> CVE. See details below. If you haven't configured any auth_policy_*
> settings you are ok. This is fixed with
> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae
> and
>
2016 Dec 02
0
CVE-2016-8562 in dovecot
On 02.12.2016 at 08:00, Aki Tuomi wrote:
> Workaround is to disable auth-policy component until fix is in place.
> This can be done by commenting out all auth_policy_* settings.
Hello,
could you be more verbose on how to verify if administrators are affected?
# doveconf -n | grep auth_policy_ | wc -l
0
but there /are/ default settings:
# doveconf -d | grep auth_policy_
2018 Jan 28
2
Occasional crash in db-auth.c (Valgrind: Invalid read of size 4 et al.), Dovecot 2.2.27+
On Saturday, 27 January 2018 21:33:51 CET you wrote:
> Hi thank you for these, can you send doveconf -n for your minimal
> reproducer?
Ah darn, I was so caught up getting the valgrind traces that I forgot about
that. Here you go:
# 2.4.devel (54d0a5a30): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.14.0-2-amd64 x86_64 Debian buster/sid
# Hostname: sinistra.sotecware.net
auth_debug =
2016 Dec 03
0
CVE-2016-8652 in dovecot
On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
>
> On 02.12.2016 10:45, Jonas Wielicki wrote:
> > On Friday, 2 December 2016 09:00:58 CET Aki Tuomi wrote:
> > > We are sorry to report that we have a bug in dovecot, which
> > > merits a
> > > CVE. See details below. If you haven't configured any
> > > auth_policy_*
> > > settings
2016 Dec 03
0
CVE-2016-8652 in dovecot
On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote:
> On 03/12/2016 12:08, Jeremiah C. Foster wrote:
>
> > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
> > On 02.12.2016 10:45, Jonas Wielicki wrote: On Friday, 2 December
> > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we
> > have a bug in dovecot, which
> > merits a
> > CVE.
2016 Dec 03
0
CVE-2016-8652 in dovecot
On Sat, 2016-12-03 at 21:25 +0200, Aki Tuomi wrote:
> > On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote:
> >
> > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote:
> > > On 03/12/2016 12:08, Jeremiah C. Foster wrote:
> > >
> > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Hi Team,
Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
Arjit Kumar
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Hi,
I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
Linux release 8.7 (Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
SSH Terrapin Prefix Truncation
2018 Jan 27
2
Occasional crash in db-auth.c (Valgrind: Invalid read of size 4 et al.), Dovecot 2.2.27+
Dear list,
We are encountering troubles with dovecot using LDAP userdbs on Debian stretch
(but if I'm reading valgrind correctly, we can reproduce this with vanilla
dovecot master). Minimal reproducer below.
While testing an upgrade to Debian stretch (dovecot-core=1:2.2.27-3+deb9u1),
auth-worker has stopped working. We are using two LDAP user databases; one
which is iterable, and one which
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
You might find RedHat's CVE page on this useful:
https://access.redhat.com/security/cve/cve-2023-48795
On Tue, Jan 23, 2024 at 10:04 AM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:
> Hi,
>
> I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
> Linux release 8.7 (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
>
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of second bug.
Please also share CVSSv3 score for first bug.
Arjit Kumar
On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> > Hi Team,
> >
> > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
>
> They are not unpublished:
2020 Jun 25
1
Heads-up: Security Releases ahead!
Hi,
This is a heads-up that there will be Samba security updates on
Thursday, July 2 2020. Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
- AD DC (CVSS 7.5, Medium)
- File server (CVSS 7.5, Medium)
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jan 04
2
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOP-2009 (Bug ID)
Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or
Control Sequences
Vulnerable version: 2.2.26-2.3.11.3
Vulnerable component: imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-08-17