stable

dovecot-2.2.34-1.fc27

FEDORA-2018-52d79f4f36 created by mhlavink 6 years ago for Fedora 27
dovecot updated to 2.2.34, pigeonhole updated to 0.4.22
fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive
  memory usage, causing imap-login/pop3-login VSZ limit to be reached
  and the process restarted. This happens only if Dovecot config has
  local_name { } or local { } configuration blocks and attacker uses
  randomly generated SNI servernames.
fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or
  leak memory contents to attacker. For example, these memory contents
  might contain parts of an email from another user if the same imap
  process is reused for multiple users.
fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login
  process.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-52d79f4f36
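
A host-side check for the CVE-2017-15130 precondition described above, as an added example that is not part of the advisory or of Dovecot. The verdict labels, the function names and the sample configuration are assumptions made for this example; the fixed version 2.2.34 comes from the advisory.

```shell
#!/bin/sh
# Added example (not part of the advisory): triage for CVE-2017-15130.
FIXED_VERSION="2.2.34"   # fixed Dovecot version, taken from the advisory

# version_lt A B: true when dotted numeric version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# has_sni_blocks: reads config text on stdin; true when an uncommented
# local_name { } or local { } block opens on some line.
has_sni_blocks() {
    grep -Eq '^[[:space:]]*(local_name|local)[[:space:]]+[^#{]+[{]'
}

# assess VERSION: reads config text on stdin and prints one verdict
# (hypothetical labels chosen for this example).
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "fixed"
    elif has_sni_blocks; then
        echo "vulnerable-exposed"
    else
        echo "vulnerable-precondition-absent"
    fi
}

# check_host: run on a real Fedora host (needs rpm and doveconf).
check_host() {
    doveconf -n | assess "$(rpm -q --qf '%{VERSION}' dovecot)"
}

# Constructed sample config: one live local_name block, one commented-out local block.
SAMPLE_CONF='ssl = required
local_name imap.example.org {
  ssl_cert = </etc/pki/dovecot/certs/imap.pem
}
#local 192.0.2.10 {'

printf '%s\n' "$SAMPLE_CONF" | assess 2.2.33   # pre-update version
printf '%s\n' "$SAMPLE_CONF" | assess 2.2.34   # after the update
```

Any verdict other than fixed still calls for the update: the advisory states the configuration precondition only for CVE-2017-15130, not for CVE-2017-14461 or CVE-2017-15132.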

This update has been submitted for testing by mhlavink.

6 years ago

This update has been pushed to testing.

6 years ago
bojan commented & provided feedback 6 years ago

No regressions here.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago
ttorcz commented & provided feedback 6 years ago

Works fine for me.

anonymous provided feedback 6 years ago
nathan95 commented & provided feedback 6 years ago

Ok works for me

This update has been submitted for batched by bodhi.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago


Metadata
Type: security
Karma: 3
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled
Dates
submitted: 6 years ago
in testing: 6 years ago
in stable: 6 years ago
BZ#1538717 CVE-2017-15132 dovecot: Auth leaks memory if SASL authentication is aborted [fedora-all]
BZ#1550508 CVE-2017-14461 dovecot: Information Leak Vulnerability in rfc822_parse_domain leading to denial-of-service [fedora-all]
