CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
69.4%
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
dovecot: Improper certificate validation (CVE-2019-3814)
dovecot: Buffer overflow in indexer-worker process results in privilege escalation (CVE-2019-7524)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | s390x | dovecot-debuginfo | < 2.2.36-6.el7 | dovecot-debuginfo-2.2.36-6.el7.s390x.rpm |
RedHat | 7 | ppc64le | dovecot-mysql | < 2.2.36-6.el7 | dovecot-mysql-2.2.36-6.el7.ppc64le.rpm |
RedHat | 7 | s390x | dovecot-devel | < 2.2.36-6.el7 | dovecot-devel-2.2.36-6.el7.s390x.rpm |
RedHat | 7 | x86_64 | dovecot-pigeonhole | < 2.2.36-6.el7 | dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm |
RedHat | 7 | s390x | dovecot | < 2.2.36-6.el7 | dovecot-2.2.36-6.el7.s390x.rpm |
RedHat | 7 | ppc64 | dovecot-debuginfo | < 2.2.36-6.el7 | dovecot-debuginfo-2.2.36-6.el7.ppc64.rpm |
RedHat | 7 | x86_64 | dovecot-pgsql | < 2.2.36-6.el7 | dovecot-pgsql-2.2.36-6.el7.x86_64.rpm |
RedHat | 7 | x86_64 | dovecot-debuginfo | < 2.2.36-6.el7 | dovecot-debuginfo-2.2.36-6.el7.x86_64.rpm |
RedHat | 7 | s390 | dovecot-debuginfo | < 2.2.36-6.el7 | dovecot-debuginfo-2.2.36-6.el7.s390.rpm |
RedHat | 7 | x86_64 | dovecot-devel | < 2.2.36-6.el7 | dovecot-devel-2.2.36-6.el7.x86_64.rpm |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
69.4%