FEDORA-2018-8ba4601398 created by mhlavink 2 years ago for Fedora 26
obsolete

dovecot updated to 2.2.35, pigeonhole updated to 0.4.23


dovecot updated to 2.2.34, pigeonhole updated to 0.4.22
fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive
  memory usage, causing the imap-login/pop3-login VSZ limit to be reached
  and the process to be restarted. This happens only if the Dovecot config has
  local_name { } or local { } configuration blocks and an attacker uses
  randomly generated SNI servernames.
fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or
  leak memory contents to an attacker. For example, these memory contents
  might contain parts of an email from another user if the same imap
  process is reused for multiple users.
fixes CVE-2017-15132: Aborted SASL authentication leaks memory in the login
  process.

  • doveadm: Fix crash in proxying (or dsync replication) if remote is running older than v2.2.33
  • auth: Fix memory leak in %{ldap_dn}
  • dict-sql: Fix data types to work correctly with Cassandra

This update has been submitted for testing by mhlavink.

2 years ago

This update has obsoleted dovecot-2.2.34-1.fc26, and has inherited its bugs and notes.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

2 years ago

Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Dates
submitted: 2 years ago
in testing: 2 years ago

BZ#1505008 dovecot-2.2.33.2 is available
BZ#1538717 CVE-2017-15132 dovecot: Auth leaks memory if SASL authentication is aborted [fedora-all]
BZ#1550508 CVE-2017-14461 dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service [fedora-all]