Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Debian 7 Wheezy DLA-1333-1 Critical Dovecot DoS Advisory

debian lts
Calendar Grey March 31, 2018
Dist Debian Esm H88
Package : dovecot Version : 1:2.1.7-7+deb7u2 CVE ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 S
Several vulnerabilities have been discovered in the Dovecot email server

Summary

CVE-2017-14461

Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that
Dovecot does not properly parse invalid email addresses, which may
cause a crash or leak memory contents to an attacker.

CVE-2017-15130

It was discovered that TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted, resulting in a denial of service. Only
Dovecot configurations containing local_name { } or local { }
configuration blocks are affected.

CVE-2017-15132

It was discovered that Dovecot contains a memory leak flaw in the
login process on aborted SASL authentication.


For Debian 7 "Wheezy", these problems have been fixed in version
1:2.1.7-7+deb7u2.

We recommend that you upgrade your dovecot packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: dovecot
Version: 1:2.1.7-7+deb7u2
CVE ID: CVE-2017-14461 CVE-2017-15130 CVE-2017-15132

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here