Fedora Linux 8770 Published by

The following two Dovecot security updates have been released for Fedora Linux:

[SECURITY] Fedora 40 Update: dovecot-2.3.21.1-1.fc40
[SECURITY] Fedora 39 Update: dovecot-2.3.21.1-1.fc39




[SECURITY] Fedora 40 Update: dovecot-2.3.21.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e23e8a3f1e
2024-08-28 02:35:34.688486
--------------------------------------------------------------------------------

Name : dovecot
Product : Fedora 40
Version : 2.3.21.1
Release : 1.fc40
URL : https://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

CVE-2024-23184: A large number of address headers in email resulted in excessive
CPU usage.
CVE-2024-23185: Abnormally large email headers are now truncated or discarded,
with a limit of 10MB on a single header and 50MB for all the headers of all the
parts of an email.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 19 2024 Michal Hlavinka [mhlavink@redhat.com] - 1:2.3.21.1-1
- updated to 2.3.21.1(2304907)
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:2.3.21-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jun 18 2024 Michal Hlavinka [mhlavink@redhat.com] - 1:2.3.21-8
- fix sieve crash when there are two missing optional scripts
- Do not use deprecated OpenSSL v3 ENGINE API
- Drop dependency on libstemmer on RHEL
* Tue Mar 26 2024 Michal Hlavinka [mhlavink@redhat.com] - 1:2.3.21-7
- drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e23e8a3f1e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: dovecot-2.3.21.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ba5bb9f63a
2024-08-28 02:20:34.962027
--------------------------------------------------------------------------------

Name : dovecot
Product : Fedora 39
Version : 2.3.21.1
Release : 1.fc39
URL : https://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

CVE-2024-23184: A large number of address headers in email resulted in excessive
CPU usage.
CVE-2024-23185: Abnormally large email headers are now truncated or discarded,
with a limit of 10MB on a single header and 50MB for all the headers of all the
parts of an email.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 19 2024 Michal Hlavinka [mhlavink@redhat.com] - 1:2.3.21.1-1
- updated to 2.3.21.1(2304907)
* Wed Jul 17 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:2.3.21-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jun 18 2024 Michal Hlavinka [mhlavink@redhat.com] - 1:2.3.21-8
- fix sieve crash when there are two missing optional scripts
- Do not use deprecated OpenSSL v3 ENGINE API
- Drop dependency on libstemmer on RHEL
* Tue Mar 26 2024 Michal Hlavinka [mhlavink@redhat.com] - 1:2.3.21-7
- drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
* Wed Jan 31 2024 Pete Walter [pwalter@fedoraproject.org] - 1:2.3.21-6
- Rebuild for ICU 74
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:2.3.21-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1:2.3.21-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ba5bb9f63a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--