CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin. Reference https://dovecot.org/pipermail/dovecot/2019-August/116875.html
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed in 2.2.36.4 and 2.3.7.2
CVE: (none) => CVE-2019-11500
Whiteboard: MGA7TOO => MGA7TOO, MGA6TOO
Advisory
========

This update fixes CVE-2019-11500.

CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.

References
==========
https://dovecot.org/pipermail/dovecot/2019-August/116875.html

Files
=====

Uploaded to core/updates_testing

dovecot-2.3.7.2-1.mga7
dovecot-pigeonhole-2.3.7.2-1.mga7
dovecot-pigeonhole-devel-2.3.7.2-1.mga7
dovecot-plugins-pgsql-2.3.7.2-1.mga7
dovecot-plugins-mysql-2.3.7.2-1.mga7
dovecot-plugins-ldap-2.3.7.2-1.mga7
dovecot-plugins-gssapi-2.3.7.2-1.mga7
dovecot-plugins-sqlite-2.3.7.2-1.mga7
dovecot-devel-2.3.7.2-1.mga7

from dovecot-2.3.7.2-1.mga7.src.rpm

Assignee: smelror => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO, MGA6TOO => MGA6TOO
Advisory
========

This update fixes CVE-2019-11500.

CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes.

References
==========
https://dovecot.org/pipermail/dovecot/2019-August/116875.html

Files
=====

Uploaded to core/updates_testing

dovecot-2.2.36.4-1.mga6
dovecot-pigeonhole-2.2.36.4-1.mga6
dovecot-pigeonhole-devel-2.2.36.4-1.mga6
dovecot-plugins-pgsql-2.2.36.4-1.mga6
dovecot-plugins-mysql-2.2.36.4-1.mga6
dovecot-plugins-ldap-2.2.36.4-1.mga6
dovecot-plugins-gssapi-2.2.36.4-1.mga6
dovecot-plugins-sqlite-2.2.36.4-1.mga6
dovecot-devel-2.2.36.4-1.mga6

from dovecot-2.2.36.4-1.mga6.src.rpm
Ubuntu has issued an advisory for this today (August 28): https://usn.ubuntu.com/4110-1/
Did you also update the bundled pigeonhole to 0.5.7.2? See this thread: https://www.openwall.com/lists/oss-security/2019/08/28/3
Keywords: (none) => feedback
(In reply to David Walser from comment #4)
> Did you also update the bundled pigeonhole to 0.5.7.2? See this thread:
> https://www.openwall.com/lists/oss-security/2019/08/28/3

Yes. I forgot it once and now I always check if it's updated as well.

Stig
Keywords: feedback => (none)
Installed and tested without issues.

System: Mageia 7, x86_64, Intel CPU.

E-mail Clients: kmail (Mageia 7), k9 (Android), roundcubemail (php/webmail).

Tested using an e-mail account with several gigabytes of emails, many emails and folders.

$ uname -a
Linux marte 5.2.10-desktop-1.mga7 #1 SMP Sun Aug 25 17:14:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep dovecot
dovecot-2.3.7.2-1.mga7
dovecot-pigeonhole-2.3.7.2-1.mga7
$ systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-08-31 21:35:25 WEST; 1min 50s ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
 Main PID: 18959 (dovecot)
   Memory: 22.4M
   CGroup: /system.slice/dovecot.service
           ├─18959 /usr/sbin/dovecot -F
           ├─18963 dovecot/anvil
           ├─18964 dovecot/log
           ├─18965 dovecot/imap-login
           ├─18966 dovecot/config
           ├─18967 dovecot/stats
           ├─18978 dovecot/imap
           ├─19022 dovecot/imap-login
           └─19025 dovecot/imap

ago 31 21:35:25 marte systemd[1]: Started Dovecot IMAP/POP3 email server.
ago 31 21:35:25 marte dovecot[18959]: master: Dovecot v2.3.7.2 (3c910f64b) starting up for imap

Whiteboard: MGA6TOO => MGA6TOO MGA7-64-OK
CC: (none) => mageia
MGA6-64 Plasma on Lenovo B50
No installation issues
Followed test as per bug 22793 Comment 6. Sending and receiving mail worked OK.

Whiteboard: MGA6TOO MGA7-64-OK => MGA6TOO MGA7-64-OK MGA6-64-OK
CC: (none) => herman.viaene
Validating. Advisories in Comments 1 and 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0261.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED