Advisories ยป MGASA-2018-0160

Updated dovecot packages fix security vulnerabilities

Publication date: 07 Mar 2018
Modification date: 07 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14461 , CVE-2017-15130

Description

Dovecot has been updated to version 2.2.34 to fix two security issues.

CVE-2017-14461:
This vulnerability comes in two flavors. A malicious party can send a
specially crafted email to a vulnerable system, causing it to crash
dovecot. In some systems, the mail can be stored into the mail system, 
causing crash every time it is being opened.

CVE-2017-15130:
If dovecot has been configured with local name or local net
configuration blocks, SNI lookups can be used to trash memory with
useless config by using random servernames.
                

References

SRPMS

6/core