Hello,
Two CVEs were released: CVE-2024-23184 and CVE-2024-23185,
which are fixed since version 2.3.21.1 of dovecot; the current version in Rocky Linux 9 is 2.3.16.
Do you know when the patch for this will be released to the public repo?
Thanks!
Remember, Rocky just follows upstream RedHat. When RedHat releases a patch then Rocky will follow. You can follow RedHat’s status at cve-details and cve-details
Also, see this: 2305909 – (CVE-2024-23184) CVE-2024-23184 dovecot: using a large number of address headers may trigger a denial of service
The current version in Rocky is 2.3.16-11.el9
That is not the same thing. See Security Backporting Practice - Red Hat Customer Portal and What is backporting and how does it affect Red Hat Enterprise Linux? - Red Hat Customer Portal
You should be able to run
rpm -q --changelog dovecot
dnf changelog dovecot
to see what is said to have changed after the package was rebased to 2.3.16. There are probably some CVEs listed too.
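Added example (not part of the thread above, and not Rocky or Red Hat tooling): a shell function that reads the changelog output of the commands in the last reply and reports, per CVE ID, whether the changelog lists it. The function names and the sample changelog are assumptions constructed for illustration; the sample says nothing about the real dovecot package.

```shell
#!/bin/sh
# Usage on a real system:
#   rpm -q --changelog dovecot | cve_in_changelog CVE-2024-23184 CVE-2024-23185

# Reads changelog text on stdin; the CVE IDs to look for are the arguments.
# Prints "<id> listed", "<id> not-listed" or "<id> invalid-id" per argument.
# Returns 0 if every ID is listed, 1 if any is missing, 2 on a malformed ID.
cve_in_changelog() {
    cic_log=$(cat)
    cic_rc=0
    for cic_id in "$@"; do
        # Accept only well-formed IDs so a typo is not reported as "not fixed".
        if ! printf '%s\n' "$cic_id" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "$cic_id invalid-id"
            cic_rc=2
            continue
        fi
        # -F: literal match, -w: whole word, so CVE-2024-23185 does not
        # match a longer ID such as CVE-2024-231850.
        if printf '%s\n' "$cic_log" | grep -qiwF -- "$cic_id"; then
            echo "$cic_id listed"
        else
            echo "$cic_id not-listed"
            [ "$cic_rc" -gt 1 ] || cic_rc=1
        fi
    done
    return "$cic_rc"
}

# Constructed sample changelog (NOT real package data): the upstream version
# in the release string never changes, the fixes show up only as entries.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2024 Example Packager <packager@example.com> - 0.0.0-2.example
- backport fix for address header parsing (CVE-2024-23184)
- unrelated near-miss ID for the whole-word check: CVE-2024-231850
* Sun Jan 01 2023 Example Packager <packager@example.com> - 0.0.0-1.example
- initial build
EOF
}

# Demo run against the constructed sample; "|| true" because a missing ID
# is reported through a non-zero return code.
sample_changelog | cve_in_changelog CVE-2024-23184 CVE-2024-23185 || true
```

A "not-listed" result only means the changelog text does not name the ID; the vendor's CVE page remains the authoritative status.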