Short version of the story: upgrade Dovecot (sudo apt-get update; sudo apt-get upgrade dovecot-core).
I am on the Ubuntu security mailing list, where they email people all the security vulnerabilities. There’s apparently a way to mess with POP3/FTS headers with Dovecot to escalate to root privileges and execute arbitrary code. But “[o]nly installations using the FTS or pop3 migration plugins are affected.” Not sure if MIAB uses any POP3 migration plugins though.
I thought I would share this interesting information with you guys. I don’t know too much about this stuff, so it could just be me talking out of ignorance. But I thought I could also mention while I am at it, Canonical is going to no longer support Ubuntu LTS 14.04 starting 30 April 2019. Security vulnerabilities get missed all the time; it’s just a matter of patching them. Once you stop patching them, attackers start to get the advantage.
That said, be sure to upgrade your Mail-in-a-Box machines to Ubuntu LTS 18.04, if you have not already done so. Time is running out.
Here’s the information:
https://usn.ubuntu.com/usn/usn-3928-1
Ubuntu: CVE-2019-7524
Debian: https://security-tracker.debian.org/tracker/CVE-2019-7524
Priority: medium
(medium: “Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.”)
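
Added example (not part of the original post, and not Mail-in-a-Box or Dovecot project code): one way to check whether a host falls under the advisory's "FTS or pop3 migration plugins" scope is to look at every `mail_plugins` setting in the output of `doveconf -n`. The function name, the sample config and the assumption that those plugins appear there as `fts`, `fts_*` or `pop3_migration` are this example's own.

```shell
#!/bin/sh
# Read `doveconf -n` output on stdin and print, one per line, any plugin
# from the advisory's scope found in a mail_plugins setting.
# Assumption: in-scope plugins are named fts, fts_<backend> or pop3_migration.
affected_plugins() {
    # 1. keep the value of each "mail_plugins = ..." line (global or per protocol)
    # 2. split the value into one plugin name per line
    # 3. keep only in-scope names, de-duplicated
    sed -n 's/^[[:space:]]*mail_plugins[[:space:]]*=[[:space:]]*//p' \
        | tr -s ' \t' '\n\n' \
        | grep -E '^(fts(_[a-z0-9]+)?|pop3_migration)$' \
        | sort -u
}

# Constructed sample input (not taken from a real host), for offline use.
SAMPLE_CONF='mail_plugins = quota
protocol imap {
  mail_plugins = $mail_plugins imap_quota fts fts_solr
}
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}'

# On a real mail server, check the live configuration.
if command -v doveconf >/dev/null 2>&1; then
    found=$(doveconf -n 2>/dev/null | affected_plugins)
    if [ -n "$found" ]; then
        echo "In-scope plugins enabled:"
        echo "$found"
    else
        echo "No FTS or pop3_migration plugin found in mail_plugins."
    fi
fi
```

An empty result only says these plugins are not enabled in the configuration; the package upgrade from the first line of the post still applies.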