Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Dovecot Security: CVE-2024-23185 “high” and CVE-2024-23184 “medium”

Dovecot Security: CVE-2024-23185 “high” and CVE-2024-23184 “medium”

Scheduled Pinned Locked Moved Solved Support
securitymaildovecot
4 Posts 2 Posters 236 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • necrevistonnezrN Offline
    necrevistonnezrN Offline
    necrevistonnezr
    wrote on last edited by girish
    #1

    https://www.openwall.com/lists/oss-security/2024/08/15/4
    https://www.openwall.com/lists/oss-security/2024/08/15/3

    Attackers can exploit two vulnerabilities in the Dovecot IMAP server and take systems out of service using DoS attacks. A protected version is available for download.

    Email server not accessible: Attackers can trigger the attacks via prepared emails. Very large headers generate errors during email parsing, so that a lot of memory is used and servers fall into a DoS state (CVE-2024-23185 “high”).

    The second vulnerability (CVE-2024-23184 “medium”) can be triggered via a large number of address headers (To, Cc, ...). This also leads to a DoS state. According to the developers, version strings 2.2 and 2.3 are threatened by both vulnerabilities. Issue 2.3.21.1 provides a remedy. So far there is no information on ongoing attacks.

    1 Reply Last reply
    1
    • girishG Offline
      girishG Offline
      girish Staff
      wrote on last edited by
      #2

      I haven't seen a notice about this yet - https://ubuntu.com/security/notices . So far, the CVEs are not listed in https://ubuntu.com/security/cves either .

      1 Reply Last reply
      0
      • girishG girish marked this topic as a question on
      • girishG Offline
        girishG Offline
        girish Staff
        wrote on last edited by
        #3

        This is now available at https://ubuntu.com/security/notices/USN-6982-1 . We will update dovecot

        1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish Staff
          wrote on last edited by
          #4

          This doesn't affect Cloudron as such but the upcoming mail addon update contains the fix.

          1 Reply Last reply
          2
          • girishG girish has marked this topic as solved on

          • Login
          • Don't have an account? Register
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • Bookmarks
          • Search