• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Dovecot CVE-2020-24386

B

B_P

Regular Pleskian
Username: B_P

TITLE

Dovecot CVE-2020-24386

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Ubuntu 16.04.7
Plesk 18.0.32

PROBLEM DESCRIPTION

According to Ubuntu (CVE-2020-24386 | Ubuntu) CVE-2020-24386 affects dovecot versions 2.2.26-2.3.11.3.

On Plesk 18.0.32, it seems that 2.3.10.1-v.ubuntu.16.04+p18.0.32.2 is the most recent one which seems to be affected. So a short-notice security update is required.

@IgorG

STEPS TO REPRODUCE

Install & update 18.0.32

ACTUAL RESULT

An affected Dovecot version is installed

EXPECTED RESULT

A fixed Dovecot version is installed.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
You've probably read the article by Heise? Do you realize that both bugs reported do not at the least affect normal operations, but are both special cases that will normally not occur on Plesk installations?
 
You must log in or register to reply here.

Similar threads

DataPacket
Forwarded to devs Event 'cp_user_login_failed'
Replies
8
Views
908
CruzMark
C
S
Resolved Rest API Fatal Errors
Replies
6
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
learning_curve
Resolved Plesk updates when running Ubuntu 24.04.1 LTS - Possible Installer Plesk bug
Replies
7
Views
1K
learning_curve
learning_curve
L
Resolved Sitejet Builder - Publication failed
Replies
5
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
M
Resolved Clicking on "Use Built-in Monitoring" does not work
Replies
7
Views
2K
Mato
M
Back
Top