Dovecot 2.3.21.1

[tomputer]

Dovecot 2.3.21.1 has been released, it contains fixes for:

CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive
CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message

More info: dovecot.org, seclists.org, seclists.org

 

[ccto]

From Exim doc, by default, header_maxsize = 1M

ref.: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html

I hope this is not important to us (DA admin).

 

[DanielP]

I entered the new version to versions in custombuild, on one server, saved, went to updates and build it, build ok on ubuntu server,

Dovecot configuration files have been updated successfully.
Enabling dovecot in systemd...
Restarting dovecot.


tested email seems to work will left it for couple of hours and then replicate to all