drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in dovecot
Name: |
Denial of Service in dovecot |
|
ID: |
DSA-3828-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
Di, 11. April 2017, 07:08 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2669 |
|
Applikationen: |
dovecot |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3828-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 10, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : dovecot CVE ID : CVE-2017-2669 Debian Bug : 860049
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart).
For the stable distribution (jessie), this problem has been fixed in version 1:2.2.13-12~deb8u2.
We recommend that you upgrade your dovecot packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljr5IBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RvWQ//SF7KpuoR6O8twHEnckWkOlJkizr2gT1nz7W8W+DzY2CJp8DMs2Y0ekqW fLtVmfBe9DrYhmBkKX7zfK0Wqx9hb/+QmoT8SXTcb3FueuywgZmAmZ2I7iXEcZ4d e5lOm38tynEJ10gEShNhf2iafNWr6TsuG8cQg0BsCWB398kzJwA9YkyG2a1kmbUC 5tmoU9vpHrco/sgUkaVO3aNhGUmEtJFneJioiE2NWwow3m9n9OYY/fc/CbX/S/JD pZXCgzOzKx1u0Xqft5jTDZNksILcuN3WND8xDd5p/67KLg0JzLkx63dfESBMfwTF V3gIardQWpAoV/eHojz/16MKR4GUIFiLSmmexzZ/t9YYVLCqPc+jUlbJRk9yQ0uo c1/B4tZ8kgqDeOgBTU+7xSeMFHPQ47S22EjBEhOR64wsPoquMWVuiPOLyGIRFZ18 gRmkg4DI2f8c2nVMEsj+Lrrwgrx5P+zFlzU+Doj5SaNSL0q7WmI4HQ+edxCn6TpH RIARIZ8zRSQygoCKo585iQhbeAF7C13RIZBp8gvCcyix76pWlHA5KvLxMibYBEPU BVoj8s4e7Q4P6G+2vX/b+q5leUxsRMUZA6K+ppGPSiNsNjTbAAlrhjo5VntZZZaQ +nbe9EWchjG03fx/rNkV8IWVNiFTBzdvZrO5a76UvvjwwtTUjZA= =zaQI -----END PGP SIGNATURE-----
|
|
|
|