Mailcow-dockerized: Dovecot DOV-3278 (bump version)

Created on 28 Aug 2019  路  3Comments  路  Source: mailcow/mailcow-dockerized

Please check for https://www.openwall.com/lists/oss-security/2019/08/28/3 if mailcow is affected.

Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.

picture Adorfer

Most helpful comment

I just ran update.sh and dovecot got bumped to 2.3.7.2 (it has been 2.3.6 prior):

$ docker exec mailcow_dovecot-mailcow_1 dovecot --version
2.3.7.2 (3c910f64b)
picture chibacityblues on 28 Aug 2019
👍3

All 3 comments

I just ran update.sh and dovecot got bumped to 2.3.7.2 (it has been 2.3.6 prior):

$ docker exec mailcow_dovecot-mailcow_1 dovecot --version
2.3.7.2 (3c910f64b)
chibacityblues picture chibacityblues on 28 Aug 2019
👍3

Sidenote: Pigeonhole / Managesieve prior to 0.5.7.2 is affected also. After updating, Pigeonhole is fine too:

docker exec mailcow_dovecot-mailcow_1 dovecot -n |grep Pigeonhole
# Pigeonhole version 0.5.7.2 (7372921a)
chibacityblues picture chibacityblues on 28 Aug 2019

checked: 

 docker exec  mailcowdockerized_dovecot-mailcow_1 dovecot --version
2.3.7.1 (0152c8b10)

update.sh, check again

 docker exec  mailcowdockerized_dovecot-mailcow_1 dovecot --version
2.3.7.2 (3c910f64b)

issue resolved, can be closed, i assume.

Adorfer picture Adorfer on 28 Aug 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lgleim picture lgleim  路  3Comments
K2rool picture K2rool  路  3Comments
a3li picture a3li  路  3Comments
CrAazZyMaN21 picture CrAazZyMaN21  路  3Comments
patrick7 picture patrick7  路  3Comments