AW: CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole

MK dovecot-ml at mk.de
Mon Sep 2 12:51:30 EEST 2019


>> On 2 Sep 2019, at 11.01, MK via dovecot <dovecot at dovecot.org> wrote:
>> 
>> Good Morning List,
>> 
>> just a short question to this vulnerability. We are using a setup with dovecot redirector/proxy frontend servers
>> and some backend server, which store the mailboxes. 
>> Is it anough to update the frontend servers if I like to fix the the vulnerability?

>No. 
>
>Sami

Thanks. Do I understand this correct that updating the frontends fixes only the vulnerability for anonymous requests 
and for users logged in the vulnerability still exists if I don't update the backend servers?

Oliver



More information about the dovecot mailing list