similar to: CVE-2016-8562 in dovecot

On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13

On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This

> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2.

* Aki Tuomi schrieb am 02.12.16 um 08:00 Uhr: Hi Aki, > We are sorry to report that we have a bug in dovecot, which merits a > CVE. See details below. If you haven't configured any auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae > and >

On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > We are sorry to report that we have a bug in dovecot, which merits a > CVE. See details below. If you haven't configured any auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13 > a5a725ae and >

Am 02.12.2016 um 08:00 schrieb Aki Tuomi: > Workaround is to disable auth-policy component until fix is in place. > This can be done by commenting out all auth_policy_* settings. Hello, could you be more verbose on how to verify if administrators are affected? # doveconf -n | grep auth_policy_ | wc -l 0 but there /are/ default settings: # doveconf -d | grep auth_policy_

On Samstag, 27. Januar 2018 21:33:51 CET you wrote: > Hi thank you for these, can you send doveconf -n for your minimal > reproducer? Ah darn, I was so caught up getting the valgrind traces that I forgot about that. Here you go: # 2.4.devel (54d0a5a30): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 4.14.0-2-amd64 x86_64 Debian buster/sid # Hostname: sinistra.sotecware.net auth_debug =

On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > On 02.12.2016 10:45, Jonas Wielicki wrote: > > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > > > We are sorry to report that we have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > settings

On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:? > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > have a bug in dovecot, which > > merits a > > CVE.

On Sat, 2016-12-03 at 21:25 +0200, Aki Tuomi wrote: > > On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jerem > > iahfoster.com> wrote: > > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi

Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar

Hi, I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # SSH Terrapin Prefix Truncation

Dear list, We are encountering troubles with dovecot using LDAP userdbs on Debian stretch (but if I?m reading valgrind correctly, we can reproduce this with vanilla dovecot master). Minimal reproducer below. While testing an upgrade to Debian stretch (dovecot-core=1:2.2.27-3+deb9u1), auth-worker has stopped working. We are using two LDAP user databases; one which is iterable, and one which

You might find RedHat's CVE page on this useful: https://access.redhat.com/security/cve/cve-2023-48795 On Tue, Jan 23, 2024 at 10:04?AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote: > Hi, > > I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise > Linux release 8.7 (Ootpa). The details are as follows. > > # rpm -qa | grep openssh >

Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. > > They are not unpublished:

Hi, This is a heads-up that there will be Samba security updates on Thursday, July 2 2020. Please make sure that your Samba servers will be updated soon after the release! Impacted components: - AD DC (CVSS 7.5, Medium) - File server (CVSS 7.5, Medium) Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team

Hi, This is a heads-up that there will be Samba security updates on Thursday, July 2 2020. Please make sure that your Samba servers will be updated soon after the release! Impacted components: - AD DC (CVSS 7.5, Medium) - File server (CVSS 7.5, Medium) Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug ID) Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences Vulnerable version: 2.2.26-2.3.11.3 Vulnerable component: imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-08-17