
Security: Multiple issues in dovecot
Name: Multiple issues in dovecot
ID: FEDORA-2018-52d79f4f36
Distribution: Fedora
Platforms: Fedora 27
Date: Sun, April 1, 2018, 23:09
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130
Applications: dovecot

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-52d79f4f36
2018-04-01 20:13:09.729581
--------------------------------------------------------------------------------

Name : dovecot
Product : Fedora 27
Version : 2.2.34
Release : 1.fc27
URL : http://www.dovecot.org/
Summary : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

dovecot updated to 2.2.34, pigeonhole updated to 0.4.22

* fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
  usage, causing imap-login/pop3-login VSZ limit to be reached and the
  process restarted. This happens only if Dovecot config has local_name { }
  or local { } configuration blocks and attacker uses randomly generated SNI
  servernames.
* fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or
  leak memory contents to attacker. For example, these memory contents might
  contain parts of an email from another user if the same imap process is
  reused for multiple users.
* fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login
  process.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1550508 - CVE-2017-14461 dovecot: Information Leak Vulnerability
in rfc822_parse_domain leading to denial-of-service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1550508
[ 2 ] Bug #1538717 - CVE-2017-15132 dovecot: Auth leaks memory if SASL
authentication is aborted [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1538717
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade dovecot' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
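
A triage sketch for the update information above, added here and not part of the Fedora notification: it compares a Dovecot version string against the fixed release 2.2.34 and checks a configuration dump for the `local_name { }` / `local { }` blocks that the advisory names as the precondition for CVE-2017-15130. Assumptions: the function names, status words, sample configuration and sample build id are constructed, and the check looks only at the upstream version number, not at distribution backports.

```shell
#!/bin/sh
# Added triage helper; not part of the Fedora notification.
FIXED_VERSION="2.2.34"   # fixed upstream release named in the advisory

# version_lt A B: true if dotted version A sorts strictly before B.
# Relies on `sort -V` (GNU coreutils / busybox).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# has_sni_blocks: reads Dovecot config text on stdin; true if it holds an
# uncommented local_name { } or local { } block, the precondition the
# advisory gives for CVE-2017-15130.
has_sni_blocks() {
    grep -Eq '^[[:space:]]*(local_name|local)[[:space:]]+[^#{]*\{'
}

# triage VERSION: config on stdin, prints one status line.
# VERSION may carry a trailing build id, e.g. "2.2.33.2 (0000000)".
triage() {
    ver=${1%% *}
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo "fixed"
    elif has_sni_blocks; then
        echo "needs-update sni-exposed"
    else
        echo "needs-update"
    fi
}

# Constructed sample config (hypothetical host names), shaped like
# `doveconf -n` output.
SAMPLE_CONF='protocols = imap pop3
local_name imap.example.com {
  ssl_cert = </etc/pki/dovecot/certs/imap.pem
}
# local 192.0.2.10 { commented out, must not match }'

# Constructed version string with a placeholder build id.
printf '%s\n' "$SAMPLE_CONF" | triage "2.2.33.2 (0000000)"
# On a live host: doveconf -n | triage "$(dovecot --version)"
```

"needs-update" covers CVE-2017-14461 and CVE-2017-15132, for which the advisory lists no configuration precondition; "sni-exposed" adds the CVE-2017-15130 condition.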