Category Archives: Advisories

Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message

Posted by Aki Tuomi via Fulldisclosure on Aug 17

Affected product: Dovecot IMAP Server
Internal reference: DOV-6601
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-31
CVE reference: CVE-2024-23185
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)…

CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive

Posted by Aki Tuomi via Fulldisclosure on Aug 17

Affected product: Dovecot IMAP Server
Internal reference: DOV-6464
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-30
CVE reference: CVE-2024-23184
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)…

python-webob-1.8.8-2.el8

FEDORA-EPEL-2024-fc8e1f0a44

Packages in this update:

python-webob-1.8.8-2.el8

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

python-webob-1.8.8-2.el9

FEDORA-EPEL-2024-4a0acd6ee7

Packages in this update:

python-webob-1.8.8-2.el9

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

python-webob-1.8.8-2.fc39

FEDORA-2024-40ff0d8644

Packages in this update:

python-webob-1.8.8-2.fc39

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

python-webob-1.8.8-2.fc40

FEDORA-2024-a6817a2e80

Packages in this update:

python-webob-1.8.8-2.fc40

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

webkitgtk-2.44.3-2.fc39

FEDORA-2024-ba78b27eb8

Packages in this update:

webkitgtk-2.44.3-2.fc39

Update description:

Fix web process cache suspend/resume when sandbox is enabled.
Fix accelerated images disappearing after scrolling.
Fix video flickering with DMA-BUF sink.
Fix pointer lock on X11.
Fix movement delta on mouse events in GTK3.
Undeprecate console message API and make it available in 2022 API.
Fix several crashes and rendering issues.
