Ubuntu Security Update USN-4993-1: Dovecot vulnerabilities

Thread starter LinuxBot
Start date Jun 21, 2021

LinuxBot

Member

Jun 21, 2021

#1

Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29157) Fabian Ising and Damian Poddebniak discovered that Dovecot incorrectly handled STARTTLS when using the SMTP submission service. A remote attacker could possibly use this issue to inject plaintext commands before STARTTLS negotiation. (CVE-2021-33515)

Continue reading...

You must log in or register to reply here.

Similar threads

Ubuntu Security Update USN-8365-1: Dovecot vulnerabilities

Replies: 0

Views: 76

Jun 2, 2026

LinuxBot

Ubuntu Security Update USN-8136-1: Dovecot vulnerabilities

Replies: 0

Views: 185

Mar 31, 2026

LinuxBot

Ubuntu Security Update USN-8136-2: Dovecot regression

Replies: 0

Views: 155

Apr 28, 2026

LinuxBot

Ubuntu Security Update USN-8227-1: curl vulnerabilities

Replies: 0

Views: 125

May 4, 2026

LinuxBot

Ubuntu Security Update USN-8337-1: QtSvg vulnerabilities

Replies: 0

Views: 73

May 28, 2026

LinuxBot

Share:

Facebook X Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

Follow Linux.org

Linux.org YouTube Channel

Members online

Total: 2,846 (members: 2, guests: 2,844)

Latest posts

J
Linux Mint - can't access terminal
- Latest: jbg3
- 23 minutes ago
Getting Started
Cannot install any Linux
- Latest: CaffeineAddict
- Today at 6:49 AM
Getting Started
Files missing
- Latest: piorunz
- Today at 6:33 AM
Mint
NEW 2 THE GAME
- Latest: beanburrito
- Today at 6:27 AM
Member Introductions
L
VPN Linux Mint
- Latest: lemonyx
- Today at 5:36 AM
Linux Networking

Top