Synopsis:          Important: dovecot security update
Advisory ID:       SLSA-2020:3617-1
Issue Date:        2020-09-03
CVE Numbers:       None
--

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts
(CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation
(CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)
--

SL7
  x86_64
    dovecot-2.2.36-6.el7_8.1.i686.rpm
    dovecot-2.2.36-6.el7_8.1.x86_64.rpm
    dovecot-debuginfo-2.2.36-6.el7_8.1.i686.rpm
    dovecot-debuginfo-2.2.36-6.el7_8.1.x86_64.rpm
    dovecot-mysql-2.2.36-6.el7_8.1.x86_64.rpm
    dovecot-pgsql-2.2.36-6.el7_8.1.x86_64.rpm
    dovecot-pigeonhole-2.2.36-6.el7_8.1.x86_64.rpm
    dovecot-devel-2.2.36-6.el7_8.1.x86_64.rpm

- Scientific Linux Development Team