Security: Multiple problems in dovecot

Name: Multiple problems in dovecot
ID: FEDORA-2018-52d79f4f36
Distribution: Fedora
Platforms: Fedora 27
Date: Sun, April 1, 2018, 23:09
References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130
Applications: dovecot

Original message
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-52d79f4f36
2018-04-01 20:13:09.729581
--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 27
Version     : 2.2.34
Release     : 1.fc27
URL         : http://www.dovecot.org/
Summary     : Secure imap and pop3 server
Description :
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail in
either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------
Update Information:

dovecot updated to 2.2.34, pigeonhole updated to 0.4.22

fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive memory
usage, causing imap-login/pop3-login VSZ limit to be reached and the process
restarted. This happens only if Dovecot config has local_name { } or local { }
configuration blocks and attacker uses randomly generated SNI servernames.

fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak
memory contents to attacker. For example, these memory contents might contain
parts of an email from another user if the same imap process is reused for
multiple users.

fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login
process.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1550508 - CVE-2017-14461 dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1550508
  [ 2 ] Bug #1538717 - CVE-2017-15132 dovecot: Auth leaks memory if SASL authentication is aborted [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1538717
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade dovecot' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
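
The update information ties CVE-2017-15130 to configurations that contain local { } or local_name { } blocks, which can be checked on a host before and after upgrading. The triage script below is an added example, not part of the Fedora notification. It assumes any version below 2.2.34 lacks the fixes (distribution backports are not detected); the function names, sample version string and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: exposure triage for the three CVEs in this advisory.
# Assumption: versions below FIXED (the version this update ships) lack the
# fixes; distribution backports are not detected.
FIXED="2.2.34"

# Return 0 if dotted version $1 is numerically lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Return 0 if the config on stdin opens a local { } or local_name { } block,
# the precondition the advisory gives for CVE-2017-15130.
has_sni_blocks() {
    grep -Eq '^[[:space:]]*local(_name)?[[:space:]]+[^#{]+[{]'
}

# assess VERSION < config : print one triage verdict.
assess() {
    ver=${1%% *}    # "2.2.33.2 (abcdef012)" -> "2.2.33.2"
    if ! version_lt "$ver" "$FIXED"; then
        echo "fixed"
    elif has_sni_blocks; then
        echo "update: CVE-2017-15130 precondition present, plus CVE-2017-14461/15132"
    else
        echo "update: CVE-2017-14461/15132 (no local/local_name blocks found)"
    fi
}

# Constructed sample version and config (not from the advisory). On a real host:
#   doveconf -n | assess "$(dovecot --version)"
assess "2.2.33.2 (abcdef012)" <<'EOF'
protocols = imap pop3
# local_name commented.example {
local_name mail.example.org {
  ssl_cert = </etc/pki/dovecot/certs/mail.pem
}
EOF
```

A "fixed" verdict only reflects the version comparison; hosts that have no local or local_name blocks still need the update for the address-parsing and SASL issues.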