CVE-2019-11500 Critical Dovecot and Pigeonhole vulnerability

Comments

7 comments

  • lorio
    Really disturbing is the timeline for the issue.
    [QUOTE]
    Vendor notification: 2019-04-13
    Solution date: 2019-06-05
    Public disclosure: 2019-08-28
    CVE reference: CVE-2019-11500
    The solution seems to have been available since June 2019. They seem to have reconsidered the complexity of the attack needed. It seems much easier than they first thought to execute the attack.
    0
  • Infopro
    This was fixed in 82.0.12:
    0
  • cPanelLauren
    Hello,

    We are currently aware of the recent critical Dovecot and Pigeonhole vulnerability. Additional details concerning these vulnerabilities and the updated version of Dovecot can be found at the URLs below.

    - Seclist
    - [Dovecot-news] Dovecot release v2.3.7.2

    cPanel has pushed an update to Dovecot to protect servers from this vulnerability. The internal case tracking this issue is case ID CPANEL-29060. To address the issue, cPanel updated Dovecot RPMs to version 2.3.7.2. These updates will first be available in version 82.0.12, which is currently in CURRENT, and then shortly after backported to version 78. You can verify when the updates have been released in the changelogs.
    0
  • lorio
    Thanks for pointing that out. Update Delivery Network: httpupdate.cpanel.net. CURRENT is on 82.0.12. Release and Stable are on 82.0.11.
    0
  • Paul Shultz
    This was fixed in 82.0.12:
    0
  • Paul Shultz
    Thanks for pointing that out. Update Delivery Network: httpupdate.cpanel.net. CURRENT is on 82.0.12. Release and Stable are on 82.0.11.

    Looks to me like there is no urgency in getting this update to RELEASE, the recommended tier.
    0
  • cPanelLauren
    82.0.12 just went to CURRENT on Thursday, August 29th (a few days ago). While this fix is present in that build, if you're waiting to update to that build, I would not expect it to be pushed to RELEASE immediately in any circumstance. I can tell you I was just notified that 82.0.12 is expected to go to RELEASE today.
    0
