Login
Newsletter
Werbung
Sicherheit: Denial of Service in dovecot
Aktuelle Meldungen Distributionen
Name: Denial of Service in dovecot
ID: MDVSA-2014:099
Distribution: Mandriva
Plattformen: Mandriva Enterprise Server 5.0, Mandriva Business Server 1.0
Datum: Fr, 16. Mai 2014, 16:42
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430
http://seclists.org/oss-sec/2014/q2/280
Applikationen: dovecot

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1400248833-21599-11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:099
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : dovecot
 Date    : May 16, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in dovecot:
 
 Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x
 before 2.2.12.12 does not properly close old connections, which allows
 remote attackers to cause a denial of service (resource consumption)
 via an incomplete SSL/TLS handshake for an IMAP/POP3 connection
 (CVE-2014-3430).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430
 http://seclists.org/oss-sec/2014/q2/280
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 f43c0fd89c04fa2c294782e24a8ec358 
 mes5/i586/dovecot-1.1.6-0.5mdvmes5.2.i586.rpm
 c55e94781c0da3eb04a7cb943395de32 
 mes5/i586/dovecot-devel-1.1.6-0.5mdvmes5.2.i586.rpm
 75308a760c2c78a1616786c1d09f384b 
 mes5/i586/dovecot-plugins-gssapi-1.1.6-0.5mdvmes5.2.i586.rpm
 b339731e00b84f82d47e2b2b649bf5c9 
 mes5/i586/dovecot-plugins-ldap-1.1.6-0.5mdvmes5.2.i586.rpm 
 614b17acd72c3566abcd3f1c910dee0a 
 mes5/SRPMS/dovecot-1.1.6-0.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c5042b751df4a9fc6485641a74430bfd 
 mes5/x86_64/dovecot-1.1.6-0.5mdvmes5.2.x86_64.rpm
 4ced64eccb24e35abe995171e5a27177 
 mes5/x86_64/dovecot-devel-1.1.6-0.5mdvmes5.2.x86_64.rpm
 7baa83fdb419faa13773e88258a41e58 
 mes5/x86_64/dovecot-plugins-gssapi-1.1.6-0.5mdvmes5.2.x86_64.rpm
 b40dbd719a513945f77b94e524e39a75 
 mes5/x86_64/dovecot-plugins-ldap-1.1.6-0.5mdvmes5.2.x86_64.rpm 
 614b17acd72c3566abcd3f1c910dee0a 
 mes5/SRPMS/dovecot-1.1.6-0.5mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 45e48e799a602ec746754f51d83d773d 
 mbs1/x86_64/dovecot-1.2.17-5.1.mbs1.x86_64.rpm
 0dbdeaa62c6d4d51d13fa7c1934e645a 
 mbs1/x86_64/dovecot-devel-1.2.17-5.1.mbs1.x86_64.rpm
 f766f74ff769386991c9eecbc18f7735 
 mbs1/x86_64/dovecot-plugins-gssapi-1.2.17-5.1.mbs1.x86_64.rpm
 a81fb27f431c215a6770560a23928baa 
 mbs1/x86_64/dovecot-plugins-ldap-1.2.17-5.1.mbs1.x86_64.rpm
 7dfb27e36bbe23789ce887089fd7cffb 
 mbs1/x86_64/dovecot-plugins-managesieve-1.2.17-5.1.mbs1.x86_64.rpm
 ec112e4fad85e6fb44f45e21bd9ac71b 
 mbs1/x86_64/dovecot-plugins-mysql-1.2.17-5.1.mbs1.x86_64.rpm
 c8b5177c354eeaacf07a946178d2304e 
 mbs1/x86_64/dovecot-plugins-pgsql-1.2.17-5.1.mbs1.x86_64.rpm
 92ae9ff2deecdb20f8d95842fa6ffca6 
 mbs1/x86_64/dovecot-plugins-sieve-1.2.17-5.1.mbs1.x86_64.rpm
 7ac32e0bccd481724bad4504286a8321 
 mbs1/x86_64/dovecot-plugins-sqlite-1.2.17-5.1.mbs1.x86_64.rpm 
 cb4efdf2ea2a20af60e6dfe4f425543d  mbs1/SRPMS/dovecot-1.2.17-5.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTde1hmqjQ0CJFipgRAqyWAKCXxUu23zABbSSY0j8Q4yh81kKPaACg6bWa
i5HGlfgsh7nlzeifQ0A6jiQ=
=mqpV
-----END PGP SIGNATURE-----


------------=_1400248833-21599-11
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1400248833-21599-11--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung