Dovecot 2.3.9.2 has been released *** CVE SECURITY ***

DirectAdmin Support

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,158
Dovecot 2.3.9.2 has been released to address a security issue:

NVD - CVE-2019-19722

nvd.nist.gov nvd.nist.gov

https://dovecot.org/list/dovecot-news/2019-December/000428.html said:
> Risk:
> Repeated delivery attempts are made for the problematic mail, causing
> queueing in MTA.
Click to expand...
If I'm reading the report correctly, it only applies if push notifications are enabled in dovecot, which they are not setup by default in DirectAdmin.

Regardless, everyone is recommended to update to this version:
Code: 
cd /usr/local/directadmin/custombuild
./build update
./build dovecot
John
 
Please apply the patch for the following issue in FreeBSD:

Dovecot 2.3.9 build error

FreeBSD 11.3 here. I get the following error when building Dovecot: ... net.c:1071:5: error: use of undeclared identifier 'EAI_ADDRFAMILY' { EAI_ADDRFAMILY, NET_HOSTERROR_TYPE_NOT_FOUND }, ^ net.c:1077:5: error: use of undeclared identifier 'EAI_NODATA'...
forum.directadmin.com forum.directadmin.com
 
Looks like it's fixed. Just one minor thing that happens at the end of the compilations:

Code: 
...
/usr/bin/install -c -m 644 imap_filter_sieve.txt imapsieve.txt sieve_extprograms.txt '/usr/share/doc/dovecot/sieve/plugins'
Restarting dovecot.
Stopping dovecot:               [ OK ]
Starting dovecot:               [ OK ]
Restarting exim.
Shutting down exim:     [ OK ]
Starting exim:          [ OK ]
ensuring ssl_dh
Restarting dovecot.
Stopping dovecot:               [ OK ]
Starting dovecot:               [ OK ]
Error: service(managesieve-login): listen(*, 4190) failed: Address already in use
Error: service(managesieve-login): listen(::, 4190) failed: Address already in use
Error: service(stats): Socket already exists: /var/run/dovecot/stats-reader
Error: service(stats): Socket already exists: /var/run/dovecot/stats-writer
Error: service(pop3-login): listen(*, 110) failed: Address already in use
Error: service(pop3-login): listen(::, 110) failed: Address already in use
Error: service(pop3-login): listen(*, 995) failed: Address already in use
Error: service(pop3-login): listen(::, 995) failed: Address already in use
Error: service(lmtp): Socket already exists: /var/run/dovecot/lmtp
Error: service(lmtp): Socket already exists: /var/run/dovecot/lmtp-client
Error: service(imap-login): listen(*, 143) failed: Address already in use
Error: service(imap-login): listen(::, 143) failed: Address already in use
Error: service(imap-login): listen(*, 993) failed: Address already in use
Error: service(imap-login): listen(::, 993) failed: Address already in use
Error: service(anvil): Socket already exists: /var/run/dovecot/anvil
Error: service(anvil): Socket already exists: /var/run/dovecot/anvil-auth-penalty
Fatal: Failed to start listeners

root@srv2:/usr/local/directadmin/custombuild # /usr/local/etc/rc.d/dovecot restart
Stopping dovecot: cat: /var/run/dovecot/master.pid: No such file or directory
usage: kill [-s signal_name] pid ...
       kill -l [exit_status]
       kill -signal_name pid ...
       kill -signal_number pid ...
                [ FAILED ]
Starting dovecot:               [ OK ]
 
You must log in or register to reply here.
Back
Top