Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Related bugs and status

CVE-2019-3814 (Candidate) is related to these bugs:

Bug #1815035: Please merge 1:2.3.4.1-1 into disco

Summary				In	Importance	Status
	1815035	Please merge 1:2.3.4.1-1 into disco		dovecot (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2019-9e004decea
GENTOO: GLSA-201904-19
MISC: https://www.dovecot.or...
SUSE: openSUSE-SU-2019:1220
FEDORA: FEDORA-2019-1b61a528dd
REDHAT: RHSA-2019:3467