Where is the Dovecot security fix????

Support for security such as Firewalls and securing linux
hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: Where is the Dovecot security fix????

Post by hunter86_bg » 2019/09/23 21:30:00

SuSE still haven't patched all their products - so RedHat is a little bit faster.
Of course, you can always switch to OpenBSD :)

Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.

bonedome
Posts: 201
Joined: 2017/04/22 08:11:04

Re: Where is the Dovecot security fix????

Post by bonedome » 2019/09/25 20:49:43

Hello
Does this page not fix the problem? https://repo.dovecot.org/#centos

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Where is the Dovecot security fix????

Post by TrevorH » 2019/09/25 20:50:18

That means going outside the distro and that's not really the right way to fix it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

SpaceAce
Posts: 4
Joined: 2018/10/18 08:31:12

Re: Where is the Dovecot security fix????

Post by SpaceAce » 2019/10/04 16:39:58

Just because SuSE is even slower than RedHat does not make this any better!
A critical security issue should not take months to be fixed!
It should rather be days instead!

KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Where is the Dovecot security fix????

Post by KernelOops » 2019/10/04 19:18:45

I've been tracking this bug for several weeks now and it seems like Red Hat does not see it as a critical issue.

Maybe because it's quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.
--
R.I.P. CentOS :cry:
--

Pumpino
Posts: 154
Joined: 2007/12/03 00:30:47
Location: Melbourne, Australia

Re: Where is the Dovecot security fix????

Post by Pumpino » 2019/11/25 19:49:08

As a follow-up question, does anyone know why RHEL 8 includes the same ancient version (2.2.36) of Dovecot that RHEL 7 does? Why wouldn't they have moved to the 2.3 series?
