• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Dovecot CVE-2020-24386

B

B_P

Regular Pleskian
Username: B_P

TITLE

Dovecot CVE-2020-24386

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Ubuntu 16.04.7
Plesk 18.0.32

PROBLEM DESCRIPTION

According to Ubuntu (CVE-2020-24386 | Ubuntu) CVE-2020-24386 affects dovecot versions 2.2.26-2.3.11.3.

On Plesk 18.0.32, it seems that 2.3.10.1-v.ubuntu.16.04+p18.0.32.2 is the most recent one which seems to be affected. So a short-notice security update is required.

@IgorG

STEPS TO REPRODUCE

Install & update 18.0.32

ACTUAL RESULT

An affected Dovecot version is installed

EXPECTED RESULT

A fixed Dovecot version is installed.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
You've probably read the article by Heise? Do you realize that both bugs reported do not at the least affect normal operations, but are both special cases that will normally not occur on Plesk installations?
 
You must log in or register to reply here.

Similar threads

danami
Resolved Dovecot-pigeonhole version 2.4.2 used by Plesk Obsidian 18.0.76 causes dovecot to panic crash
Replies
4
Views
1K
mcac
M
V
SELinux is preventing /usr/libexec/dovecot/auth from write access on the file /var/lib/plesk/mail/userdb/userdb.db
Replies
1
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
Hangover2
Critical security issue fixed on 24–25 February 2026 (Plesk Obsidian 18.0.75 Update 1 / 18.0.76 Update 2) — request for vulnerability details
Replies
4
Views
2K
Hangover2
Hangover2
A
Problem after Plesk upgrade script
Replies
1
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
W
Mailbox size calculated wrong
Replies
4
Views
828
Webbenny
W
Back
Top