drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in dovecot (Aktualisierung)
Name: |
Denial of Service in dovecot (Aktualisierung) |
|
ID: |
DSA-3828-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
Di, 11. April 2017, 14:25 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
dovecot |
|
Update von: |
Denial of Service in dovecot |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3828-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 11, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : dovecot
The Dovecot update issued as DSA-3828-1 introduced a regression, this update reverts the backported patch. Further analysis by the Dovecot team has shown that only versions starting from 2.2.26 are affected. For reference, the original advisory text follows.
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart).
For the stable distribution (jessie), this problem has been fixed in version 1:2.2.13-12~deb8u3.
We recommend that you upgrade your dovecot packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljsq21fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SaJg/9G7KPGGC2l08PTHRUvJy2FQRG17bTouF8ZyHYL/ePqrx4aegxUq1+R8NB lytcJMVmmm5zGFMfbOZw4SJ+CekOHIiRP7KPj2SHYZAvvZ9Kbcqw24BPD/tOnC6W qsncxFuO0BLaU54ARoYQf1AHU4oQglJ/nogOuF/2LcQGiLHZ/08rsooQgbTlxdaj sH9MOFduvtfUG9eIbTT6RTPe7bTDp/SA79EToVb9iQnXgZTzqYp8fRVRJawBlA4t LHjnxaIvKBTyi+KvVwPOsQdtjjSeTe8pQN/YKEhZEll8NIzagDdJDj2IIGFlMRFN 8ISCF+nwWwKYd69pgxJhV0K1bFlqTEzN9beuOQ5I/bsrAGa1yY7bzXM7HtxWzulD 5vSRU19ivECJUMilJGIRynBn0irJ3/3a1y9DVATRcWLhNkKl7dHF7Z6OiQ31LXVW nqLeYJm0vKXbC5MvBmAXKWjR3pM9g1OwDT6ne03DEBvD6pJTk4iUgfDa7LQsNey4 KoUrx+COoV6Mgo6XA5y4vSbF5orAQl5PswFpz64ZfX0Ccc9H5YflFYblu9EIRO1T 49xlnLBNu/48Lm5dTzuV37d6XsoPjm0WP3rUICR/rUA3R7gN1HSJLIdPee9M5+09 kk2T0TulCsLgCGm1SLxf3vMJ/vZvMO9XLOzvg8Ym4Ub4awRNmlQ= =Z+en -----END PGP SIGNATURE-----
|
|
|
|