Sicherheit: Denial of Service in dovecot
Aktuelle Meldungen Distributionen
Name: Denial of Service in dovecot
ID: FEDORA-2017-da4ed58fd5
Distribution: Fedora
Plattformen: Fedora 24
Datum: Fr, 28. April 2017, 07:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2669
Applikationen: dovecot



Fedora Update Notification
2017-04-27 14:02:15.390632

Name : dovecot
Product : Fedora 24
Version :
Release : 1.fc24
URL : http://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.


Update Information:

+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum
individual mail size that can be saved. + imapc: Add imapc_features=delay-
login. If set, connecting to the remote IMAP server isn't done until
necessary. + imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add
(deinit) to process title before autoexpunging runs. + Added %{encrypt}
%{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human-
readable string. + imap/pop3-login: All forward_* extra fields returned by
passdb are sent to the next hop when proxying using ID/XCLIENT commands. On
the receiving side these fields are imported and sent to auth process
where they're accessible via %{passdb:forward_*}. This is done only if
sending IP address matches login_trusted_networks. + imap-login: If
imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id}
expands to it in auth process. The ID string is also sent to the next hop
when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation.
- fts-tika: Fixed crash when parsing attachment without Content-Disposition
header. Broken by 2.2.28. - trash plugin was broken in 2.2.28 - auth: When
passdb/userdb lookups were done via auth-workers, too much data was added
auth cache. This could have resulted in wrong replies when using multiple
passdbs/userdbs. - auth: passdb { skip & mechanisms } were ignored for
first passdb - oauth2: Various fixes, including fixes to crashes - dsync:
Large Sieve scripts (or other large metadata) weren't always synced. -
rebuild (e.g. doveadm force-resync) set all mails as \Recent -
%{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes
preserved when proxying commands via doveadm-server. Almost all errors used
exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing
mailboxes. - Fixed a potential crash when parsing a broken message header. -
cassandra: Fallback consistency settings weren't working correctly. -
director status <user>: "Initial config" was always empty -
imapc: Various
reconnection fixes.


[ 1 ] Bug #1441457 - CVE-2017-2669 dovecot: Dovecot DoS when passdb dict was
used for authentication [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade dovecot' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten