Upstream information

CVE-2019-11494 at MITRE

Description

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

SUSE information

CVSS v3 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector Network
Access Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
CVSSv3 Version 3.0
SUSE Bugzilla entries: 1133624 [NEW], 1133625 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Server Applications 15
  • dovecot23 >= 2.3.3-4.18.1
  • dovecot23-backend-mysql >= 2.3.3-4.18.1
  • dovecot23-backend-pgsql >= 2.3.3-4.18.1
  • dovecot23-backend-sqlite >= 2.3.3-4.18.1
  • dovecot23-devel >= 2.3.3-4.18.1
  • dovecot23-fts >= 2.3.3-4.18.1
  • dovecot23-fts-lucene >= 2.3.3-4.18.1
  • dovecot23-fts-solr >= 2.3.3-4.18.1
  • dovecot23-fts-squat >= 2.3.3-4.18.1
Patchnames:
SUSE-SLE-Module-Server-Applications-15-2019-2516
SUSE Linux Enterprise Module for Server Applications 15 SP1
  • dovecot23 >= 2.3.3-8.1
  • dovecot23-backend-mysql >= 2.3.3-8.1
  • dovecot23-backend-pgsql >= 2.3.3-8.1
  • dovecot23-backend-sqlite >= 2.3.3-8.1
  • dovecot23-devel >= 2.3.3-8.1
  • dovecot23-fts >= 2.3.3-8.1
  • dovecot23-fts-lucene >= 2.3.3-8.1
  • dovecot23-fts-solr >= 2.3.3-8.1
  • dovecot23-fts-squat >= 2.3.3-8.1
Patchnames:
SUSE-SLE-Module-Server-Applications-15-SP1-2019-2514
openSUSE Leap 15.0
  • dovecot23 >= 2.3.3-lp150.14.1
  • dovecot23-backend-mysql >= 2.3.3-lp150.14.1
  • dovecot23-backend-mysql-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-backend-pgsql >= 2.3.3-lp150.14.1
  • dovecot23-backend-pgsql-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-backend-sqlite >= 2.3.3-lp150.14.1
  • dovecot23-backend-sqlite-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-debugsource >= 2.3.3-lp150.14.1
  • dovecot23-devel >= 2.3.3-lp150.14.1
  • dovecot23-fts >= 2.3.3-lp150.14.1
  • dovecot23-fts-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-fts-lucene >= 2.3.3-lp150.14.1
  • dovecot23-fts-lucene-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-fts-solr >= 2.3.3-lp150.14.1
  • dovecot23-fts-solr-debuginfo >= 2.3.3-lp150.14.1
  • dovecot23-fts-squat >= 2.3.3-lp150.14.1
  • dovecot23-fts-squat-debuginfo >= 2.3.3-lp150.14.1
Patchnames:
openSUSE-2019-2278
openSUSE Leap 15.1
  • dovecot23 >= 2.3.3-lp151.2.6.1
  • dovecot23-backend-mysql >= 2.3.3-lp151.2.6.1
  • dovecot23-backend-mysql-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-backend-pgsql >= 2.3.3-lp151.2.6.1
  • dovecot23-backend-pgsql-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-backend-sqlite >= 2.3.3-lp151.2.6.1
  • dovecot23-backend-sqlite-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-debugsource >= 2.3.3-lp151.2.6.1
  • dovecot23-devel >= 2.3.3-lp151.2.6.1
  • dovecot23-fts >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-lucene >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-lucene-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-solr >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-solr-debuginfo >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-squat >= 2.3.3-lp151.2.6.1
  • dovecot23-fts-squat-debuginfo >= 2.3.3-lp151.2.6.1
Patchnames:
openSUSE-2019-2281