drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in dovecot
Name: |
Denial of Service in dovecot |
|
ID: |
MDVSA-2015:113 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Business Server 2.0 |
|
Datum: |
So, 29. März 2015, 13:58 |
|
Referenzen: |
http://advisories.mageia.org/MGASA-2014-0223.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430 |
|
Applikationen: |
dovecot |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1427620730-10360-13
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:113 http://www.mandriva.com/en/support/security/ _______________________________________________________________________
Package : dovecot Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________
Problem Description:
Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time (CVE-2014-3430). _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430 http://advisories.mageia.org/MGASA-2014-0223.html _______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64: 1eb6e9066872c78e1755c1971036fc16 mbs2/x86_64/dovecot-2.2.6-3.1.mbs2.x86_64.rpm 656bf9481ba301e634d6a726f794dda5 mbs2/x86_64/dovecot-devel-2.2.6-3.1.mbs2.x86_64.rpm 25eba263e3a69fe651c0ed6337949830 mbs2/x86_64/dovecot-pigeonhole-2.2.6-3.1.mbs2.x86_64.rpm 67c9662509cf9fa64d129d846c06627a mbs2/x86_64/dovecot-pigeonhole-devel-2.2.6-3.1.mbs2.x86_64.rpm 11c9627af2b38d1935527942a3e66870 mbs2/x86_64/dovecot-plugins-gssapi-2.2.6-3.1.mbs2.x86_64.rpm dfc56f23f07520c804b8af8688abdbbc mbs2/x86_64/dovecot-plugins-ldap-2.2.6-3.1.mbs2.x86_64.rpm 3ce270a44b749aef02b65b717518e93b mbs2/x86_64/dovecot-plugins-mysql-2.2.6-3.1.mbs2.x86_64.rpm 3610ca4c251604b05101401712af1694 mbs2/x86_64/dovecot-plugins-pgsql-2.2.6-3.1.mbs2.x86_64.rpm 9abe3f4567e180fcd9cbeaf0af8ea4e5 mbs2/x86_64/dovecot-plugins-sqlite-2.2.6-3.1.mbs2.x86_64.rpm 7d92ecbc2cb08e9591cd9b1be0326f49 mbs2/SRPMS/dovecot-2.2.6-3.1.mbs2.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVF7SMmqjQ0CJFipgRAjUSAKCNzqOuQliJVc1nKiBdZhCBK+iFIQCdFtV9 NspHCwRPAGwc9Te32AbCpxA= =DyJk -----END PGP SIGNATURE-----
------------=_1427620730-10360-13 Content-Type: text/plain; charset="UTF-8"; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://store.mandriva.com _______________________________________________________
------------=_1427620730-10360-13--
|
|
|
|