Sicherheit: Denial of Service in dovecot

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1427620730-10360-13

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:113
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dovecot
Date : March 29, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated dovecot packages fix security vulnerability.

Dovecot before 2.2.13 is vulnerable to a DoS attack against
imap/pop3-login processes. If SSL/TLS handshake was started but
wasn't finished, the login process attempted to eventually forcibly
disconnect the client, but failed to do it correctly. This could have
left the connections hanging around for a long time (CVE-2014-3430).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430
http://advisories.mageia.org/MGASA-2014-0223.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
1eb6e9066872c78e1755c1971036fc16
mbs2/x86_64/dovecot-2.2.6-3.1.mbs2.x86_64.rpm
656bf9481ba301e634d6a726f794dda5
mbs2/x86_64/dovecot-devel-2.2.6-3.1.mbs2.x86_64.rpm
25eba263e3a69fe651c0ed6337949830
mbs2/x86_64/dovecot-pigeonhole-2.2.6-3.1.mbs2.x86_64.rpm
67c9662509cf9fa64d129d846c06627a
mbs2/x86_64/dovecot-pigeonhole-devel-2.2.6-3.1.mbs2.x86_64.rpm
11c9627af2b38d1935527942a3e66870
mbs2/x86_64/dovecot-plugins-gssapi-2.2.6-3.1.mbs2.x86_64.rpm
dfc56f23f07520c804b8af8688abdbbc
mbs2/x86_64/dovecot-plugins-ldap-2.2.6-3.1.mbs2.x86_64.rpm
3ce270a44b749aef02b65b717518e93b
mbs2/x86_64/dovecot-plugins-mysql-2.2.6-3.1.mbs2.x86_64.rpm
3610ca4c251604b05101401712af1694
mbs2/x86_64/dovecot-plugins-pgsql-2.2.6-3.1.mbs2.x86_64.rpm
9abe3f4567e180fcd9cbeaf0af8ea4e5
mbs2/x86_64/dovecot-plugins-sqlite-2.2.6-3.1.mbs2.x86_64.rpm
7d92ecbc2cb08e9591cd9b1be0326f49 mbs2/SRPMS/dovecot-2.2.6-3.1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF7SMmqjQ0CJFipgRAjUSAKCNzqOuQliJVc1nKiBdZhCBK+iFIQCdFtV9
NspHCwRPAGwc9Te32AbCpxA=
=DyJk
-----END PGP SIGNATURE-----

------------=_1427620730-10360-13
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________

------------=_1427620730-10360-13--