[BlueOnyx:24700] Dovecot CVE-2020-24386
Michael Stauber
mstauber at blueonyx.it
Wed Jan 6 11:29:03 -05 2021
Hi all,
This just popped up on my radar:
https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
They published a new version of Dovecot and it closes a vulnerability:
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
It's been quite a long while since Dovecot had any known
vulnerabilities, so this is indeed kind of unexpected.
I'm now checking if the Dovecots on 5209R and 5210R are affected by this.
5210R uses the CentOS 8 Dovecot and upstream doesn't have an updated
version yet.
5209R uses a Dovecot I've built from the sources, so I'll provide an
update for it within the next couple of hours.
--
With best regards
Michael Stauber