Ubuntu 14.04 LTS USN-2213-1 Moderate: Dovecot Denial Of Service
May 15, 2014
•
LinuxSecurity Advisories
1 - 2 min read
Dovecot could be made to stop responding if it received specially crafted network traffic.
=========================================================================Ubuntu Security Notice USN-2213-1 May 15, 2014 dovecot vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Dovecot could be made to stop responding if it received specially crafted network traffic. Software Description: - dovecot: IMAP and POP3 email server Details: It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: dovecot-core 1:2.2.9-1ubuntu2.1 dovecot-imapd 1:2.2.9-1ubuntu2.1 dovecot-pop3d 1:2.2.9-1ubuntu2.1 Ubuntu 13.10: dovecot-core 1:2.1.7-7ubuntu3.1 dovecot-imapd 1:2.1.7-7ubuntu3.1 dovecot-pop3d 1:2.1.7-7ubuntu3.1 Ubuntu 12.10: dovecot-core 1:2.1.7-1ubuntu2.1 dovecot-imapd 1:2.1.7-1ubuntu2.1 dovecot-pop3d 1:2.1.7-1ubuntu2.1 Ubuntu 12.04 LTS: dovecot-core 1:2.0.19-0ubuntu2.1 dovecot-imapd 1:2.0.19-0ubuntu2.1 dovecot-pop3d 1:2.0.19-0ubuntu2.1 Ubuntu 10.04 LTS: dovecot-imapd 1:1.2.9-1ubuntu6.6 dovecot-pop3d 1:1.2.9-1ubuntu6.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2213-1 CVE-2014-3430 Package Information: https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.1.7-7ubuntu3.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.1.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.0.19-0ubuntu2.1 https://launchpad.net/ubuntu/+source/dovecot/1:1.2.9-1ubuntu6.6
PREVIOUS
NEXT
Ubuntu 14.04 LTS USN-2213-1 Moderate: Dovecot Denial Of Service
ubuntu
May 15, 2014
Dovecot could be made to stop responding if it received specially crafted network traffic.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: dovecot-core 1:2.2.9-1ubuntu2.1 dovecot-imapd 1:2.2.9-1ubuntu2.1 dovecot-pop3d 1:2.2.9-1ubuntu2.1 Ubuntu 13.10: dovecot-core 1:2.1.7-7ubuntu3.1 dovecot-imapd 1:2.1.7-7ubuntu3.1 dovecot-pop3d 1:2.1.7-7ubuntu3.1 Ubuntu 12.10: dovecot-core 1:2.1.7-1ubuntu2.1 dovecot-imapd 1:2.1.7-1ubuntu2.1 dovecot-pop3d 1:2.1.7-1ubuntu2.1 Ubuntu 12.04 LTS: dovecot-core 1:2.0.19-0ubuntu2.1 dovecot-imapd 1:2.0.19-0ubuntu2.1 dovecot-pop3d 1:2.0.19-0ubuntu2.1 Ubuntu 10.04 LTS: dovecot-imapd 1:1.2.9-1ubuntu6.6 dovecot-pop3d 1:1.2.9-1ubuntu6.6 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2213-1
CVE-2014-3430
Severity
important
Lowest
Low
Medium
High
Critical
May 15, 2014
Package Information
https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.1.7-7ubuntu3.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.1.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/dovecot/1:2.0.19-0ubuntu2.1 https://launchpad.net/ubuntu/+source/dovecot/1:1.2.9-1ubuntu6.6
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!