Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:3617 - Security Advisory
Issued:
2020-09-03
Updated:
2020-09-03

RHSA-2020:3617 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: dovecot security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dovecot is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

  • dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
  • dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
  • dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1866309 - CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts
  • BZ - 1866313 - CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation
  • BZ - 1866317 - CVE-2020-12674 dovecot: Crash due to assert in RPA implementation

CVEs

  • CVE-2020-12100
  • CVE-2020-12673
  • CVE-2020-12674

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
x86_64
dovecot-2.2.36-6.el7_8.1.i686.rpm SHA-256: 1950f2634dfd31252af071519077c0de832aea91b644c99f23286e0e09ba9718
dovecot-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: cf56594c8bbddce555f9345b80f13073ea42f810276fe80fb5619b315af8e945
dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm SHA-256: 926dfa7b37c9a553ca4ecf095b50d705b7ff77fb863971de059ce43a3dd0ff6f
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-devel-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 7ab508c5c4277fd93a01871588ebe59bb2ac2d19764bbcefb060785c3f7b0606
dovecot-mysql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 0a500792c5e1e8ebc67e1596a0f9c3d1616ee142a35baf4a395c37c653631cc9
dovecot-pgsql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: da7d02b6302022114a017d1915e3be389506972ec0c3067c84c1109cb41630bd
dovecot-pigeonhole-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 99052cebdb48923b28174850a41e300abbdc450dbe3de4675cfb28c8bf30f828

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
x86_64
dovecot-2.2.36-6.el7_8.1.i686.rpm SHA-256: 1950f2634dfd31252af071519077c0de832aea91b644c99f23286e0e09ba9718
dovecot-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: cf56594c8bbddce555f9345b80f13073ea42f810276fe80fb5619b315af8e945
dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm SHA-256: 926dfa7b37c9a553ca4ecf095b50d705b7ff77fb863971de059ce43a3dd0ff6f
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-devel-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 7ab508c5c4277fd93a01871588ebe59bb2ac2d19764bbcefb060785c3f7b0606
dovecot-mysql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 0a500792c5e1e8ebc67e1596a0f9c3d1616ee142a35baf4a395c37c653631cc9
dovecot-pgsql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: da7d02b6302022114a017d1915e3be389506972ec0c3067c84c1109cb41630bd
dovecot-pigeonhole-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 99052cebdb48923b28174850a41e300abbdc450dbe3de4675cfb28c8bf30f828

Red Hat Enterprise Linux Workstation 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
x86_64
dovecot-2.2.36-6.el7_8.1.i686.rpm SHA-256: 1950f2634dfd31252af071519077c0de832aea91b644c99f23286e0e09ba9718
dovecot-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: cf56594c8bbddce555f9345b80f13073ea42f810276fe80fb5619b315af8e945
dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm SHA-256: 926dfa7b37c9a553ca4ecf095b50d705b7ff77fb863971de059ce43a3dd0ff6f
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-devel-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 7ab508c5c4277fd93a01871588ebe59bb2ac2d19764bbcefb060785c3f7b0606
dovecot-mysql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 0a500792c5e1e8ebc67e1596a0f9c3d1616ee142a35baf4a395c37c653631cc9
dovecot-pgsql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: da7d02b6302022114a017d1915e3be389506972ec0c3067c84c1109cb41630bd
dovecot-pigeonhole-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 99052cebdb48923b28174850a41e300abbdc450dbe3de4675cfb28c8bf30f828

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
s390x
dovecot-2.2.36-6.el7_8.1.s390.rpm SHA-256: 0b36d3fe91ed458f48b192fb66bbb521d2273e90187110443fa1a6d648a91007
dovecot-2.2.36-6.el7_8.1.s390x.rpm SHA-256: 11c254aa9f71375fede082b8281d4b8863491aeafde283bd1a3a3caee512333e
dovecot-debuginfo-2.2.36-6.el7_8.1.s390.rpm SHA-256: e35599e39d1620b05cc86ad8e72098adf6c30c9717535f20d959f14b94b05bb5
dovecot-debuginfo-2.2.36-6.el7_8.1.s390x.rpm SHA-256: d44e5b73afaebfca2f5c4b31cfcc1a15be6aa0ef2eed35e007548d3a5352ad5c
dovecot-debuginfo-2.2.36-6.el7_8.1.s390x.rpm SHA-256: d44e5b73afaebfca2f5c4b31cfcc1a15be6aa0ef2eed35e007548d3a5352ad5c
dovecot-devel-2.2.36-6.el7_8.1.s390x.rpm SHA-256: 6de2282065f915c7daa36e536531de950d5d8748139a86ec7be26ec16e8cbb9f
dovecot-mysql-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ef9bdc8469e308d419d916df421451f2f7738d404e29fc5b8a9f777b60567137
dovecot-pgsql-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ccc1116ba4e8ac60c25e8f57fd192806f7f3f2ffbeeefef8fbfd26a56b8559c7
dovecot-pigeonhole-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ca82340497a74bbf9949771639110fc8a6db47a9449cc0bbd6436e224d566170

Red Hat Enterprise Linux for Power, big endian 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
ppc64
dovecot-2.2.36-6.el7_8.1.ppc.rpm SHA-256: 6e7969949eacaed97b01c1db0c920fb83c6249d5711f7d486fa2cbe6e649c311
dovecot-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 5ce1a0e1497faef832b599a67b056f2f0c0c9dcf6e2724c77171c4880f637a2b
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc.rpm SHA-256: bf6c08657d2121278cc6d67e1b30de953facf4a6639467e51565d5ced0762e10
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 94b52c983a4bee0fbf7b9d2afe7653db0b6f2b6d2d088d578afb4ef1c1bb0da9
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 94b52c983a4bee0fbf7b9d2afe7653db0b6f2b6d2d088d578afb4ef1c1bb0da9
dovecot-devel-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 785b47aa23b68e91c27db6f1b96b9bceea193da2be7128c26f925e7bb7cf4421
dovecot-mysql-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 7c166418792c31e2349ae0b445e2b824ce0a20d0131101a272d77335a55139e1
dovecot-pgsql-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 79683f764884673ac136cbf2c618c29bc5da2df51fa7cb0352e0df67e4217a95
dovecot-pigeonhole-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 6fb4b372cab4d98ce8f1447b5e4de11f567e4e7218f80de01eeb81d28af68f0c

Red Hat Enterprise Linux for Power, little endian 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
ppc64le
dovecot-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: c5aa8bc3702b0415b243b271fd0a311f28613b92ddb3ae640410944e46d86842
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 8917d29ffe6c4e48ceed0a38fec4544e6e8cca36776bfe7453a78786486242de
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 8917d29ffe6c4e48ceed0a38fec4544e6e8cca36776bfe7453a78786486242de
dovecot-devel-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: e9df7353501201e54f7d81c5b51a4482d9871aac54378d03df1bad8d915ab7dc
dovecot-mysql-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 259385302d802100f06ec47e23a62f07b960bde901cc0e888df4349680e63899
dovecot-pgsql-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: e58734bbc291fb3086e315c86fb0f426196013b65382da801262ad55c30c1021
dovecot-pigeonhole-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 31b55fa13615e0186314bffc3fbb3924f243359ebdd20175fe5752cef64a7ad0

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
s390x
dovecot-2.2.36-6.el7_8.1.s390.rpm SHA-256: 0b36d3fe91ed458f48b192fb66bbb521d2273e90187110443fa1a6d648a91007
dovecot-2.2.36-6.el7_8.1.s390x.rpm SHA-256: 11c254aa9f71375fede082b8281d4b8863491aeafde283bd1a3a3caee512333e
dovecot-debuginfo-2.2.36-6.el7_8.1.s390.rpm SHA-256: e35599e39d1620b05cc86ad8e72098adf6c30c9717535f20d959f14b94b05bb5
dovecot-debuginfo-2.2.36-6.el7_8.1.s390x.rpm SHA-256: d44e5b73afaebfca2f5c4b31cfcc1a15be6aa0ef2eed35e007548d3a5352ad5c
dovecot-debuginfo-2.2.36-6.el7_8.1.s390x.rpm SHA-256: d44e5b73afaebfca2f5c4b31cfcc1a15be6aa0ef2eed35e007548d3a5352ad5c
dovecot-devel-2.2.36-6.el7_8.1.s390x.rpm SHA-256: 6de2282065f915c7daa36e536531de950d5d8748139a86ec7be26ec16e8cbb9f
dovecot-mysql-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ef9bdc8469e308d419d916df421451f2f7738d404e29fc5b8a9f777b60567137
dovecot-pgsql-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ccc1116ba4e8ac60c25e8f57fd192806f7f3f2ffbeeefef8fbfd26a56b8559c7
dovecot-pigeonhole-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ca82340497a74bbf9949771639110fc8a6db47a9449cc0bbd6436e224d566170

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
ppc64
dovecot-2.2.36-6.el7_8.1.ppc.rpm SHA-256: 6e7969949eacaed97b01c1db0c920fb83c6249d5711f7d486fa2cbe6e649c311
dovecot-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 5ce1a0e1497faef832b599a67b056f2f0c0c9dcf6e2724c77171c4880f637a2b
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc.rpm SHA-256: bf6c08657d2121278cc6d67e1b30de953facf4a6639467e51565d5ced0762e10
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 94b52c983a4bee0fbf7b9d2afe7653db0b6f2b6d2d088d578afb4ef1c1bb0da9
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 94b52c983a4bee0fbf7b9d2afe7653db0b6f2b6d2d088d578afb4ef1c1bb0da9
dovecot-devel-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 785b47aa23b68e91c27db6f1b96b9bceea193da2be7128c26f925e7bb7cf4421
dovecot-mysql-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 7c166418792c31e2349ae0b445e2b824ce0a20d0131101a272d77335a55139e1
dovecot-pgsql-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 79683f764884673ac136cbf2c618c29bc5da2df51fa7cb0352e0df67e4217a95
dovecot-pigeonhole-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 6fb4b372cab4d98ce8f1447b5e4de11f567e4e7218f80de01eeb81d28af68f0c

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
ppc64le
dovecot-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: c5aa8bc3702b0415b243b271fd0a311f28613b92ddb3ae640410944e46d86842
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 8917d29ffe6c4e48ceed0a38fec4544e6e8cca36776bfe7453a78786486242de
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 8917d29ffe6c4e48ceed0a38fec4544e6e8cca36776bfe7453a78786486242de
dovecot-devel-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: e9df7353501201e54f7d81c5b51a4482d9871aac54378d03df1bad8d915ab7dc
dovecot-mysql-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 259385302d802100f06ec47e23a62f07b960bde901cc0e888df4349680e63899
dovecot-pgsql-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: e58734bbc291fb3086e315c86fb0f426196013b65382da801262ad55c30c1021
dovecot-pigeonhole-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 31b55fa13615e0186314bffc3fbb3924f243359ebdd20175fe5752cef64a7ad0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility