Bug 26644 - dovecot new security issues CVE-2020-1095[78] and CVE-2020-10967
Summary: dovecot new security issues CVE-2020-1095[78] and CVE-2020-10967
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-05-19 19:20 CEST by David Walser
Modified: 2020-05-24 20:06 CEST (History)
4 users (show)

See Also:
Source RPM: dovecot-2.3.7.2-1.1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2020-05-19 19:20:37 CEST
Upstream has issued an advisory on May 18:
https://www.openwall.com/lists/oss-security/2020/05/18/1

The issues are fixed upstream in 2.3.10.1.
Comment 1 Stig-Ørjan Smelror 2020-05-19 20:36:00 CEST
Advisory
========

Dovecot has been updated to fix several security issues.

CVE-2020-10957: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service.
CVE-2020-10958: Sending command followed by sufficient number of newlines triggers a use-after-free bug that might crash submission-login, submission or lmtp service.
CVE-2020-10967: Sending mail with empty quoted localpart causes submission or lmtp component to crash.

References
==========

https://www.openwall.com/lists/oss-security/2020/05/18/1
https://nvd.nist.gov/vuln/detail/CVE-2020-10957
https://nvd.nist.gov/vuln/detail/CVE-2020-10958
https://nvd.nist.gov/vuln/detail/CVE-2020-10967

Files
=====

Uploaded to core/updates_testing  

dovecot-pigeonhole-2.3.10.1-1.mga7
dovecot-devel-2.3.10.1-1.mga7  
dovecot-pigeonhole-devel-2.3.10.1-1.mga7  
dovecot-plugins-ldap-2.3.10.1-1.mga7  
dovecot-plugins-pgsql-2.3.10.1-1.mga7  
dovecot-plugins-mysql-2.3.10.1-1.mga7  
dovecot-plugins-sqlite-2.3.10.1-1.mga7  
dovecot-plugins-gssapi-2.3.10.1-1.mga7  
dovecot-2.3.10.1.mga7           

from dovecot-2.3.10.1-1.mga7.src.rpm

Assignee: smelror => qa-bugs

Comment 2 PC LX 2020-05-19 22:30:55 CEST
Installed and tested without issues.

Tested with various accounts with several GiB of emails. Tested with kmail, roundcubemail and k9 clients.


System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.


$ uname -a
Linux marte 5.6.8-desktop-1.mga7 #1 SMP Thu Apr 30 06:12:53 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep dovecot
dovecot-2.3.10.1-1.mga7
dovecot-pigeonhole-2.3.10.1-1.mga7
$ systemctl status dovecot.service dovecot.socket
dovecot.service  dovecot.socket   
$ systemctl status dovecot.service dovecot.socket 
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-05-19 21:02:02 WEST; 16min ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
 Main PID: 15041 (dovecot)
    Tasks: 5 (limit: 4697)
   Memory: 12.5M
   CGroup: /system.slice/dovecot.service
           ├─15041 /usr/sbin/dovecot -F
           ├─15044 dovecot/anvil
           ├─15045 dovecot/log
           ├─15047 dovecot/config
           └─15049 dovecot/stats

mai 19 21:17:44 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15982, secured, session=<nXbh+AWmOKH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:44 marte dovecot[15045]: imap(pclx)<15982><nXbh+AWmOKH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=44 out=1407 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mai 19 21:17:44 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15988, secured, session=<0Qbq+AWmOqH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:44 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15990, secured, session=<z0Pq+AWmPKH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:44 marte dovecot[15045]: imap(pclx)<15988><0Qbq+AWmOqH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=1073 out=3389 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
mai 19 21:17:44 marte dovecot[15045]: imap(pclx)<15990><z0Pq+AWmPKH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=303 out=2829 deleted=0 expunged=0 trashed=0 hdr_count=3 hdr_bytes=992 body_count=0 body_bytes=0
mai 19 21:17:46 marte dovecot[15045]: imap-login: Login: user=<pclx>, method=PLAIN, rip=fd00:0:1:1::1, lip=fd00:0:1:1::1, mpid=15999, secured, session=<GiIL+QWmQKH9AAAAAAEAAQAAAAAAAAAB>
mai 19 21:17:46 marte dovecot[15045]: imap(pclx)<15999><GiIL+QWmQKH9AAAAAAEAAQAAAAAAAAAB>: Logged out in=323 out=23224 deleted=0 expunged=0 trashed=0 hdr_count=38 hdr_bytes=13386 body_count=0 body_bytes=0
mai 19 21:18:31 marte dovecot[15045]: imap(pclx)<15166><mzhBzQWmRJ/9AAAAAAEAAQAAAAAAAAAB>: Logged out in=151674 out=221896 deleted=0 expunged=2 trashed=0 hdr_count=2 hdr_bytes=5121 body_count=25 body_bytes=20>
mai 19 21:18:31 marte dovecot[15045]: imap(pclx)<15052><OIzJwAWmOp/9AAAAAAEAAQAAAAAAAAAB>: Logged out in=161 out=19294 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

● dovecot.socket - Dovecot IMAP/POP3 email server activation socket
   Loaded: loaded (/usr/local/lib/systemd/system/dovecot.socket; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-05-19 10:32:30 WEST; 10h ago
   Listen: 10.0.0.1:143 (Stream)
           10.0.0.1:993 (Stream)
           [fd00:0:1:1::1]:143 (Stream)
           [fd00:0:1:1::1]:993 (Stream)
    Tasks: 0 (limit: 4697)
   Memory: 196.0K
   CGroup: /system.slice/dovecot.socket

mai 19 10:32:30 marte systemd[1]: Listening on Dovecot IMAP/POP3 email server activation socket.

CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK

Comment 3 Thomas Andrews 2020-05-20 14:02:55 CEST
Validating. Advisory in Comment 1.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 4 David Walser 2020-05-20 23:57:18 CEST
Ubuntu has issued an advisory for this on May 18:
https://usn.ubuntu.com/4361-1/
Thomas Backlund 2020-05-24 16:11:05 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-05-24 20:06:38 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0222.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.