Denial of Service in dovecot
ID: | FEDORA-2017-da4ed58fd5 |
Distribution: | Fedora |
Plattformen: | Fedora 24 |
Datum: | Fr, 28. April 2017, 07:33 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2669 |
Applikationen: | dovecot |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-da4ed58fd5 2017-04-27 14:02:15.390632 -------------------------------------------------------------------------------- Name : dovecot Product : Fedora 24 Version : 2.2.29.1 Release : 1.fc24 URL : http://www.dovecot.org/ Summary : Secure imap and pop3 server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. -------------------------------------------------------------------------------- Update Information: + quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved. + imapc: Add imapc_features=delay- login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs. + Added %{encrypt} and %{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human- readable string. + imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks. + imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation. - fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28. - trash plugin was broken in 2.2.28 - auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs. - auth: passdb { skip & mechanisms } were ignored for the first passdb - oauth2: Various fixes, including fixes to crashes - dsync: Large Sieve scripts (or other large metadata) weren't always synced. - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated mailboxes. - Fixed a potential crash when parsing a broken message header. - cassandra: Fallback consistency settings weren't working correctly. - doveadm director status |