Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 21 Dovecot Security Update: CVE-2015-3420 Critical SSL/TLS Crash

fedora
Calendar Grey May 19, 2015
Dist Fedora Esm H88
Postfix upgraded for CentOS 7 to address SMTP authentication errors leading to service disruptions. Important security update implemented.
fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without a...

Summary

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security

primarily in mind. It also contains a small POP3 server. It supports mail

in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

Update Information:

fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - St...

Topics%20covered

Topics Covered

security advisory update Fedora crash fix Dovecot SSL TLS

Change Log

* Tue Apr 28 2015 Michal Hlavinka - 1:2.2.16-2 - fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process * Mon Mar 16 2015 Michal Hlavinka - 1:2.2.16-1 - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. * Thu Feb 5 2015 Michal Hlavinka - 1:2.2.15-3 - fix mbox istream crashes (#1189198, #1186504) * Mon Jan 5 2015 Michal Hlavinka - 1:2.2.15-2 - fix crash related to logging BYE notifications (#1176282) - update pigeonhole to 0.4.6

References


[ 1 ] Bug #1216057 - CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process. https://bugzilla.redhat.com/show_bug.cgi?id=1216057

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update dovecot' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dovecot
Product: Fedora 21
Version: 2.2.16
Release: 2.fc21
URL: Summary : Secure imap and pop3 server

Topics%20covered

Topics Covered

security advisory update Fedora crash fix Dovecot SSL TLS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here