Package : dovecot
Version : 1:2.1.7-7+deb7u2
CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132
Several vulnerabilities have been discovered in the Dovecot email
server. The Common Vulnerabilities and Exposures project identifies the
following issues:
CVE-2017-14461
Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that
Dovecot does not properly parse invalid email addresses, which may
cause a crash or leak memory contents to an attacker.
CVE-2017-15130
It was discovered that TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted, resulting in a denial of service. Only
Dovecot configurations containing local_name { } or local { }
configuration blocks are affected.
CVE-2017-15132
It was discovered that Dovecot contains a memory leak flaw in the
login process on aborted SASL authentication.
For Debian 7 "Wheezy", these problems have been fixed in version
1:2.1.7-7+deb7u2.
We recommend that you upgrade your dovecot packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Debian LTS: DLA-1333-1: dovecot security update
March 31, 2018
Several vulnerabilities have been discovered in the Dovecot email server
Summary
CVE-2017-14461
Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that
Dovecot does not properly parse invalid email addresses, which may
cause a crash or leak memory contents to an attacker.
CVE-2017-15130
It was discovered that TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted, resulting in a denial of service. Only
Dovecot configurations containing local_name { } or local { }
configuration blocks are affected.
CVE-2017-15132
It was discovered that Dovecot contains a memory leak flaw in the
login process on aborted SASL authentication.
For Debian 7 "Wheezy", these problems have been fixed in version
1:2.1.7-7+deb7u2.
We recommend that you upgrade your dovecot packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package : dovecot
Version : 1:2.1.7-7+deb7u2
CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132
News
HOWTOs
About Us
Powered By
