Security: Multiple issues in dovecot
Name: Multiple issues in dovecot
ID: DSA-4130-1
Distribution: Debian
Platforms: Debian jessie, Debian stretch
Date: Sat, March 3, 2018, 01:00
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132
Applications: dovecot

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4130-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 02, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
CVE ID         : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132
Debian Bug     : 888432 891819 891820
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2017-14461
Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory contents to an attacker.
CVE-2017-15130
It was discovered that TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted, resulting in a denial of service. Only Dovecot configurations containing local_name { } or local { } configuration blocks are affected.
CVE-2017-15132
It was discovered that Dovecot contains a memory leak flaw in the login process on aborted SASL authentication.
For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.13-12~deb8u4.
For the stable distribution (stretch), these problems have been fixed in version 1:2.2.27-3+deb9u2.
We recommend that you upgrade your dovecot packages.
For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dovecot
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
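
The following check is an added example and is not part of the Debian advisory. It compares the installed Dovecot package with the fixed versions quoted above and looks for the `local_name { }` / `local { }` blocks that the advisory names as the precondition for CVE-2017-15130. The function names and the choice of the `dovecot-core` binary package as the one to query are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a Debian host against DSA-4130-1 (not advisory code).

# Fixed versions as stated in the advisory.
FIXED_JESSIE='1:2.2.13-12~deb8u4'
FIXED_STRETCH='1:2.2.27-3+deb9u2'

# fixed_version_for <codename>: print the fixed version for a release.
fixed_version_for() {
    case "$1" in
        jessie)  printf '%s\n' "$FIXED_JESSIE" ;;
        stretch) printf '%s\n' "$FIXED_STRETCH" ;;
        *)       return 1 ;;
    esac
}

# is_patched <installed> <fixed>: true when installed >= fixed.
# dpkg understands the epoch ("1:") and the "~" in "~deb8u4";
# a plain string comparison does not.
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# has_sni_blocks: read Dovecot configuration on stdin and succeed if it
# contains an uncommented local_name { } or local { } block.
has_sni_blocks() {
    grep -Eq '^[[:space:]]*(local_name|local)[[:space:]]+[^{#]*\{'
}

# check_host <codename>: report patch level and CVE-2017-15130 exposure.
check_host() {
    fixed=$(fixed_version_for "$1") || { echo "unknown release: $1" >&2; return 2; }
    installed=$(dpkg-query -W -f='${Version}' dovecot-core 2>/dev/null) ||
        { echo "dovecot-core not installed" >&2; return 2; }
    if is_patched "$installed" "$fixed"; then
        echo "dovecot-core $installed: patched (>= $fixed)"
        return 0
    fi
    echo "dovecot-core $installed: not patched (< $fixed)"
    if doveconf -n 2>/dev/null | has_sni_blocks; then
        echo "local_name/local blocks present: CVE-2017-15130 applies"
    else
        echo "no local_name/local blocks: CVE-2017-15130 precondition not met"
    fi
    return 1
}

# Runs only when a codename is given, e.g.: sh check-dsa-4130.sh stretch
if [ $# -eq 1 ]; then check_host "$1"; fi
```

The configuration scan only narrows exposure to CVE-2017-15130; the other two CVEs in the advisory do not depend on those blocks, so an unpatched result still calls for the upgrade.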