similar to: v2.3.5.2 released

Displaying 20 results from an estimated 10000 matches similar to: "v2.3.5.2 released"

2019 Apr 18
0
v2.3.5.2 released
Aki Tuomi via dovecot skrev den 2019-04-18 11:35: > ??? * CVE-2019-10691: Trying to login with 8bit username containing > ??? ? invalid UTF8 input causes auth process to crash if auth policy is > ??? ? enabled. This could be used rather easily to cause a DoS. Similar > ??? ? crash also happens during mail delivery when using invalid UTF8 > in > ??? ? From or Subject header when
2019 Apr 18
0
v2.3.5.2 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki
2019 Apr 18
0
v2.3.5.2 released
https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.5.2.tar.gz.sig Binary packages in https://repo.dovecot.org/ * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. --- Aki
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote: > The three most common attack vectors, (and attack volumes have never been higher) are: > > * Sniffed unencrypted credentials > (Assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exposed from another site's breach > (Users WANT to
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18
2015 Mar 25
3
Dovecot Oy merger with Open-Xchange AG
On 03/25/15 13:03, Benny Pedersen wrote: > Brad Smith skrev den 2015-03-25 16:58: >> On 03/25/15 08:46, Peter Chiochetti wrote: >>> Am 25.03.2015 um 13:23 schrieb Nick Edwards: >>>> So there *is* a chance it will be commercialised >>> Hasn't it been commercial for a long time? >> When was the last time you paid for Dovecot? The base product is
2019 Apr 30
1
Dovecot release v2.3.6
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 30 April 2019 21:06 @lbutlr via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>
2019 Apr 30
5
Dovecot release v2.3.6
Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. *
2019 Apr 30
5
Dovecot release v2.3.6
Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. *
2012 Feb 11
6
"ERROR: Invalid action" for FTP
OS: Debian Lenny (kernel 2.6.26-2-686 Shorewall: 4.0.15 (installed from Debian repository) I have an FTP server behind Debian system I am using for a firewall and I am wanting to use Shorewall on it (the Debian firewall). Following the instructions for configuring FTP (at <http://www.shorewall.net/FTP.html>), I have the following rule in my /etc/shorewall/rules file: FTP(DNAT) net
2019 Jan 16
2
Dovecot + Weakforced Policy server
Hi, I'm trying to set Weakforced with Dovecot and I cannot log in policy server. This is the config: /root/weakforced/wforce/wforce.conf ----------------------------------- ... webserver("0.0.0.0:8084", "super") ... /etc/dovecot/conf.d/95-policy.conf ---------------------------------- auth_policy_server_url = http://localhost:8084/ #auth_policy_hash_nonce = wforce:super
2019 Jan 16
2
Dovecot + Weakforced Policy server
Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP
2013 Apr 06
13
script to detect dictionary attacks
Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any
2009 Mar 21
15
mysql encoding with rails 2.3.2 and ruby 1.9.1
when I run console with ruby 1.9.1 and rails 2.3.2, and trying to do something like User.first.name.encoding I''m getting #<Encoding:ASCII-8BIT>, though I''ve set "encoding: utf8" in database.yml any suggestions? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails:
2012 Feb 07
10
Encoding error
Hello, I have in my db a register what have special characters, and when I try to put on my form to edit this values, this happens: incompatible character encodings: UTF-8 and ASCII-8BIT Extracted source (around line #4): 1: <%= form_for :group, :url => { :action => "update" } do |f| %> 2: <%= utf8_enforcer_tag %> 3: <label>Nome do grupo</label>
2015 Nov 10
3
* Re: procmail as a content_filter with dovecot
> dovecot supports sieve, so why the need for procmail ? Because I already HAVE procmail recipes and know proemial. The point is to make what I have, work. > On Nov 9, 2015, at 22:49, Benny Pedersen <me at junc.eu> wrote: > > On November 10, 2015 6:36:00 AM Vicki Brown <vlb at cfcl.com> wrote: > >> Can anyone help? > > dovecot supports sieve, so why
2015 Sep 17
2
restrict map-login by geoip?
Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? Thanks, -Terry iPhone says Hello World! > On Sep 16, 2015, at 6:31 PM, Benny Pedersen <me at junc.eu> wrote: > > Terry Barnum skrev den 2015-09-17 02:32: > >> I've
2017 Jul 18
2
weakforced
I've been playing with weakforced, so it fills in the 'fail2ban across a cluster' niche (not to mention RBLs). It seems to work well, once you've actually read the docs :) I was curious if anyone had played with it and was *very* curious if anyone was using it in high traffic production. Getting things to 'work' versus getting them to work *and* handle a couple hundred
2012 Feb 05
2
Sieve notify messages
Hi All I'm using dovecot 2.0.16 with the pigeonhole plugin 0.25. I'm trying to use the notifiy mechanism from sieve to send notifications when a mail arrives in the mailbox. The message is checked to be a 8bit message, otherwise it is replaced by the default message "Notification of new message." How can I create a 8bit message body within the sieve script that is accepted