Red Hat Product Errata RHSA-2020:3617 - Security Advisory

Issued: 2020-09-03
Updated: 2020-09-03

Synopsis

Important: dovecot security update

Type/Severity

Security Advisory: Important

Topic

An update for dovecot is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

  • dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
  • dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
  • dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1866309 - CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts
  • BZ - 1866313 - CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation
  • BZ - 1866317 - CVE-2020-12674 dovecot: Crash due to assert in RPA implementation

CVEs

  • CVE-2020-12100
  • CVE-2020-12673
  • CVE-2020-12674

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
x86_64
dovecot-2.2.36-6.el7_8.1.i686.rpm SHA-256: 1950f2634dfd31252af071519077c0de832aea91b644c99f23286e0e09ba9718
dovecot-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: cf56594c8bbddce555f9345b80f13073ea42f810276fe80fb5619b315af8e945
dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm SHA-256: 926dfa7b37c9a553ca4ecf095b50d705b7ff77fb863971de059ce43a3dd0ff6f
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-devel-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 7ab508c5c4277fd93a01871588ebe59bb2ac2d19764bbcefb060785c3f7b0606
dovecot-mysql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 0a500792c5e1e8ebc67e1596a0f9c3d1616ee142a35baf4a395c37c653631cc9
dovecot-pgsql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: da7d02b6302022114a017d1915e3be389506972ec0c3067c84c1109cb41630bd
dovecot-pigeonhole-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 99052cebdb48923b28174850a41e300abbdc450dbe3de4675cfb28c8bf30f828

Red Hat Enterprise Linux Workstation 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
x86_64
dovecot-2.2.36-6.el7_8.1.i686.rpm SHA-256: 1950f2634dfd31252af071519077c0de832aea91b644c99f23286e0e09ba9718
dovecot-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: cf56594c8bbddce555f9345b80f13073ea42f810276fe80fb5619b315af8e945
dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm SHA-256: 926dfa7b37c9a553ca4ecf095b50d705b7ff77fb863971de059ce43a3dd0ff6f
dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 18dd2d98d95525bfda8eebada1fd15331b1f2187f639f78dea270c21acf88944
dovecot-devel-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 7ab508c5c4277fd93a01871588ebe59bb2ac2d19764bbcefb060785c3f7b0606
dovecot-mysql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 0a500792c5e1e8ebc67e1596a0f9c3d1616ee142a35baf4a395c37c653631cc9
dovecot-pgsql-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: da7d02b6302022114a017d1915e3be389506972ec0c3067c84c1109cb41630bd
dovecot-pigeonhole-2.2.36-6.el7_8.1.x86_64.rpm SHA-256: 99052cebdb48923b28174850a41e300abbdc450dbe3de4675cfb28c8bf30f828

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
s390x
dovecot-2.2.36-6.el7_8.1.s390.rpm SHA-256: 0b36d3fe91ed458f48b192fb66bbb521d2273e90187110443fa1a6d648a91007
dovecot-2.2.36-6.el7_8.1.s390x.rpm SHA-256: 11c254aa9f71375fede082b8281d4b8863491aeafde283bd1a3a3caee512333e
dovecot-debuginfo-2.2.36-6.el7_8.1.s390.rpm SHA-256: e35599e39d1620b05cc86ad8e72098adf6c30c9717535f20d959f14b94b05bb5
dovecot-debuginfo-2.2.36-6.el7_8.1.s390x.rpm SHA-256: d44e5b73afaebfca2f5c4b31cfcc1a15be6aa0ef2eed35e007548d3a5352ad5c
dovecot-devel-2.2.36-6.el7_8.1.s390x.rpm SHA-256: 6de2282065f915c7daa36e536531de950d5d8748139a86ec7be26ec16e8cbb9f
dovecot-mysql-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ef9bdc8469e308d419d916df421451f2f7738d404e29fc5b8a9f777b60567137
dovecot-pgsql-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ccc1116ba4e8ac60c25e8f57fd192806f7f3f2ffbeeefef8fbfd26a56b8559c7
dovecot-pigeonhole-2.2.36-6.el7_8.1.s390x.rpm SHA-256: ca82340497a74bbf9949771639110fc8a6db47a9449cc0bbd6436e224d566170

Red Hat Enterprise Linux for Power, big endian 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
ppc64
dovecot-2.2.36-6.el7_8.1.ppc.rpm SHA-256: 6e7969949eacaed97b01c1db0c920fb83c6249d5711f7d486fa2cbe6e649c311
dovecot-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 5ce1a0e1497faef832b599a67b056f2f0c0c9dcf6e2724c77171c4880f637a2b
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc.rpm SHA-256: bf6c08657d2121278cc6d67e1b30de953facf4a6639467e51565d5ced0762e10
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 94b52c983a4bee0fbf7b9d2afe7653db0b6f2b6d2d088d578afb4ef1c1bb0da9
dovecot-devel-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 785b47aa23b68e91c27db6f1b96b9bceea193da2be7128c26f925e7bb7cf4421
dovecot-mysql-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 7c166418792c31e2349ae0b445e2b824ce0a20d0131101a272d77335a55139e1
dovecot-pgsql-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 79683f764884673ac136cbf2c618c29bc5da2df51fa7cb0352e0df67e4217a95
dovecot-pigeonhole-2.2.36-6.el7_8.1.ppc64.rpm SHA-256: 6fb4b372cab4d98ce8f1447b5e4de11f567e4e7218f80de01eeb81d28af68f0c

Red Hat Enterprise Linux for Power, little endian 7

SRPM
dovecot-2.2.36-6.el7_8.1.src.rpm SHA-256: a51d8696cb662181c6c73b14e0d212d547ec9e11d57a7ab36e68384e63192759
ppc64le
dovecot-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: c5aa8bc3702b0415b243b271fd0a311f28613b92ddb3ae640410944e46d86842
dovecot-debuginfo-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 8917d29ffe6c4e48ceed0a38fec4544e6e8cca36776bfe7453a78786486242de
dovecot-devel-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: e9df7353501201e54f7d81c5b51a4482d9871aac54378d03df1bad8d915ab7dc
dovecot-mysql-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 259385302d802100f06ec47e23a62f07b960bde901cc0e888df4349680e63899
dovecot-pgsql-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: e58734bbc291fb3086e315c86fb0f426196013b65382da801262ad55c30c1021
dovecot-pigeonhole-2.2.36-6.el7_8.1.ppc64le.rpm SHA-256: 31b55fa13615e0186314bffc3fbb3924f243359ebdd20175fe5752cef64a7ad0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
