Unable to send emails using Plesk local mail server: Connection timed out or connection refused. (#4.4.1)
[FIXED BUG] Notifications from Plesk are bounced: duplicate header field "Content-Type"
[BUG] SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db
[FIXED BUG] Mail quota warnings are not sent
[BUG] Link to http://www.openspf.org/ returned by Plesk server when SPF validation is failed does not work
[BUG] Unable to configure External SMTP Server with a non-email address login in Plesk: Unable to encode IDN email address 'jdoe'
CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities
[BUG] Plesk email account via Outlook IMAP/POP3 returns the following after syncing: Message appears to be a Unicode message and your E-mail reader did not enable Unicode support.
[BUG] Connection is broken with Qmail, DNSBL over 465 TLS is used: Failed to send some messages - javax.net.ssl.SSLProtocolExpeption:SSL handshake aborted
[BUG] Unable to send email using PHP mail after Plesk update: Your server might not be configured to send mail using this method

See more

CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities

Danil Dmitrienko

Updated November 13, 2019 01:13

Situation

Vulnerabilities CVE-2019-12094 and CVE-2019-12095 were discovered in Horde web email components.

The exploit uses combination of XSS vulnerability in "Horde Groupware Webmail Edition" and CSRF vulnerability in "Horde Trean" (Web-based bookmarks application).

Plesk does not use any of these components.

Impact

Plesk is not affected.

Call to Action

No actions are required.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request