Hello,
Two CVEs were released: CVE-2024-23184 and CVE-2024-23185,
which are fixed since version 2.3.21.1 of dovecot; the current version in Rocky Linux 9 is 2.3.16.
Do you know when the patch for this will be released to the public repo?
Thanks !
Remember, Rocky just follows upstream Red Hat. When Red Hat releases a patch then Rocky will follow. You can follow Red Hat's status at cve-details and cve-details
Also, see this: 2305909 – (CVE-2024-23184) CVE-2024-23184 dovecot: using a large number of address headers may trigger a denial of service
The current version in Rocky is 2.3.16-11.el9
That is not the same thing. See Security Backporting Practice - Red Hat Customer Portal and What is backporting and how does it affect Red Hat Enterprise Linux? - Red Hat Customer Portal
You should be able to run
rpm -q --changelog dovecot
dnf changelog dovecot
to see what is said to have changed after the package was rebased to 2.3.16. There are probably some CVEs listed too.
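One way to script the changelog check suggested above, as an added example that is not part of the original thread: it reads RPM changelog text and reports, for each CVE id, the newest entry that mentions it. The function names `cve_in_changelog` and `sample_changelog` are hypothetical, and the sample changelog is constructed (placeholder release strings, not real Rocky or Red Hat output).

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Read RPM changelog text on stdin; for each CVE id given as an argument,
# print "<id> listed: <entry header>" or "<id> not-listed".
cve_in_changelog() {
    awk -v ids="$*" '
        # True if line contains id as a whole id (not followed by another digit).
        function has_id(line, id,    p, rest) {
            while ((p = index(line, id)) > 0) {
                rest = substr(line, p + length(id))
                if (rest !~ /^[0-9]/) return 1
                line = rest
            }
            return 0
        }
        BEGIN { n = split(ids, want, " ") }
        /^\* / { header = $0; next }   # "* date packager - version-release"
        {
            # Changelogs are newest first, so the first hit is the newest entry.
            for (i = 1; i <= n; i++)
                if (!(want[i] in found) && has_id($0, want[i]))
                    found[want[i]] = header
        }
        END {
            for (i = 1; i <= n; i++)
                if (want[i] in found)
                    printf "%s listed: %s\n", want[i], found[want[i]]
                else
                    printf "%s not-listed\n", want[i]
        }
    '
}

# CONSTRUCTED changelog for offline runs; XX and WW are placeholder releases.
sample_changelog() {
    cat <<'EOF'
* Tue Jan 01 2030 Example Packager <packager@example.invalid> - 1:2.3.16-XX.el9
- fix CVE-2024-23184 (constructed line)

* Mon Jan 01 2029 Example Packager <packager@example.invalid> - 1:2.3.16-WW.el9
- rebase to 2.3.16
EOF
}

# On a real host: rpm -q --changelog dovecot | cve_in_changelog CVE-2024-23184 CVE-2024-23185
sample_changelog | cve_in_changelog CVE-2024-23184 CVE-2024-23185
```

A "not-listed" result only means the packager's changelog text does not name the id; the vendor's CVE page remains the authoritative statement of whether the package is affected or fixed.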