CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Daniel Lange
DLange at debian.org
Fri Aug 30 18:44:23 EEST 2019
On 30.08.19 at 17:38, Daniel Lange via dovecot wrote:
> On 30.08.19 at 10:00, Christian Balzer via dovecot wrote:
>> When upgrading on Debian Stretch with the security fix packages all
>> dovecot processes get killed and then restarted despite having
>> "shutdown_clients = no" set.
>
> This is systemd doing its "magic" (kill all control group processes),
> see https://dovecot.org/pipermail/dovecot/2016-June/104546.html
> for a potential fix.
Actually that will not be enough in the upgrade case as the maintainer
script calls
    deb-systemd-invoke stop dovecot.socket dovecot.service
I personally think re-connecting clients are normal operations so I
wouldn't bother. But you could override the stop action in the systemd
unit if you have local reasons that warrant such a hack.