Submitted by andreychek on Sun, 02/10/2019 - 09:40Comment #1
Howdy -- this unfortunately isn't something we'd be able to help with, as we don't maintain the Dovecot packages available on a server running Virtualmin.
Those are maintained by the distribution vendor, such as Debian, Ubuntu, or CentOS.
If your distribution vendor hasn't updated their Dovecot packages, you may want to open a support request with them.
Submitted by andreychek on Sun, 02/10/2019 - 10:37Comment #3
We have, on occasion, posted notices about vulnerabilities in packages we don't maintain when they are particularly severe... such as remote root exploits.
The particular vulnerability described here wouldn't affect most users, and certain Dovecot features have to be manually enabled before it would become an issue. It's also already fixed in Ubuntu and Debian.
In general, we're not looking to post most CVE notices here. Though if this one's important to you, you're welcome to post it in the General Forum!
Comments
Submitted by andreychek on Sun, 02/10/2019 - 09:40 Comment #1
Howdy -- this unfortunately isn't something we'd be able to help with, as we don't maintain the Dovecot packages available on a server running Virtualmin.
Those are maintained by the distribution vendor, such as Debian, Ubuntu, or CentOS.
If your distribution vendor hasn't updated their Dovecot packages, you may want to open a support request with them.
Submitted by Jfro on Sun, 02/10/2019 - 10:21 Comment #2
Yep that is reason why posting here. Not every OS has a working patch yet. So server admins should know that . ;)
You don't have a security place/topic here in forum we could post such?
Submitted by andreychek on Sun, 02/10/2019 - 10:37 Comment #3
We have, on occasion, posted notices about vulnerabilities in packages we don't maintain when they are particularly severe... such as remote root exploits.
The particular vulnerability described here wouldn't affect most users, and certain Dovecot features have to be manually enabled before it would become an issue. It's also already fixed in Ubuntu and Debian.
In general, we're not looking to post most CVE notices here. Though if this one's important to you, you're welcome to post it in the General Forum!
Submitted by JamieCameron on Sun, 02/10/2019 - 16:47 Comment #4
Also, YUM or APT updates marked as "security" are shown separately on the System Information page.