Fedora 22: dovecot Security Update 2015-7156
Summary
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind. It also contains a small POP3 server. It supports mail
in either of maildir or mbox formats.
The SQL drivers and authentication plug-ins are in their subpackages.
Update Information:
fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes.
Change Log
References
[ 1 ] Bug #1216057 - CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process. https://bugzilla.redhat.com/show_bug.cgi?id=1216057
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update dovecot' at the command line. For more information, refer to "Managing Software with yum", available at .