Synopsis
The remote EulerOS host is missing multiple security updates.
Description
According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- In Dovecot before 22.214.171.124 and 2.3.x before 126.96.36.199, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. (CVE-2019-7524)
- The JSON encoder in Dovecot before 188.8.131.52 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. (CVE-2019-10691)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected dovecot packages.