ELA-342-1 dovecot security update

Denial of Service (DoS) vulnerability

2021-01-05
Packagedovecot
Version1:2.2.13-12~deb8u9
Related CVEs CVE-2020-25275


A vulnerability was discovered in the Dovecot IMAP server where a malicious sender could crash Dovecot repeatedly by sending messages with more than 10,000 MIME parts.



For Debian 8 Jessie, these problems have been fixed in version 1:2.2.13-12~deb8u9.

We recommend that you upgrade your dovecot packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.