USN-3881-1: Dovecot vulnerability
5 February 2019
Dovecot could be made to expose sensitive information over the network.
- dovecot - IMAP and POP3 email server
It was discovered that Dovecot incorrectly handled client certificates. A
remote attacker in possession of a valid certificate with an empty username
field could possibly use this issue to impersonate other users.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-3881-2: dovecot-core, dovecot