DOVECOT CVE 2.3.4.1 take care please

Status: 
Closed (works as designed)

Comments

Howdy -- this unfortunately isn't something we'd be able to help with, as we don't maintain the Dovecot packages available on a server running Virtualmin.

Those are maintained by the distribution vendor, such as Debian, Ubuntu, or CentOS.

If your distribution vendor hasn't updated their Dovecot packages, you may want to open a support request with them.

Yep that is reason why posting here. Not every OS has a working patch yet. So server admins should know that . ;)

You don't have a security place/topic here in forum we could post such?

We have, on occasion, posted notices about vulnerabilities in packages we don't maintain when they are particularly severe... such as remote root exploits.

The particular vulnerability described here wouldn't affect most users, and certain Dovecot features have to be manually enabled before it would become an issue. It's also already fixed in Ubuntu and Debian.

In general, we're not looking to post most CVE notices here. Though if this one's important to you, you're welcome to post it in the General Forum!

Also, YUM or APT updates marked as "security" are shown separately on the System Information page.