AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
MK
dovecot-ml at mk.de
Mon Sep 2 12:51:30 EEST 2019
>> On 2 Sep 2019, at 11.01, MK via dovecot <dovecot at dovecot.org> wrote:
>>
>> Good Morning List,
>>
>> just a short question to this vulnerability. We are using a setup with dovecot redirector/proxy frontend servers
>> and some backend server, which store the mailboxes.
>> Is it anough to update the frontend servers if I like to fix the the vulnerability?
>No.
>
>Sami
Thanks. Do I understand this correct that updating the frontends fixes only the vulnerability for anonymous requests
and for users logged in the vulnerability still exists if I don't update the backend servers?
Oliver
More information about the dovecot
mailing list