Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDVSA-2014:099 ] dovecot
From: security () mandriva com
Date: Fri, 16 May 2014 15:58:01 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:099
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : dovecot
 Date    : May 16, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in dovecot:
 
 Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x
 before 2.2.12.12 does not properly close old connections, which allows
 remote attackers to cause a denial of service (resource consumption)
 via an incomplete SSL/TLS handshake for an IMAP/POP3 connection
 (CVE-2014-3430).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430
 http://seclists.org/oss-sec/2014/q2/280
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 f43c0fd89c04fa2c294782e24a8ec358  mes5/i586/dovecot-1.1.6-0.5mdvmes5.2.i586.rpm
 c55e94781c0da3eb04a7cb943395de32  mes5/i586/dovecot-devel-1.1.6-0.5mdvmes5.2.i586.rpm
 75308a760c2c78a1616786c1d09f384b  mes5/i586/dovecot-plugins-gssapi-1.1.6-0.5mdvmes5.2.i586.rpm
 b339731e00b84f82d47e2b2b649bf5c9  mes5/i586/dovecot-plugins-ldap-1.1.6-0.5mdvmes5.2.i586.rpm 
 614b17acd72c3566abcd3f1c910dee0a  mes5/SRPMS/dovecot-1.1.6-0.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c5042b751df4a9fc6485641a74430bfd  mes5/x86_64/dovecot-1.1.6-0.5mdvmes5.2.x86_64.rpm
 4ced64eccb24e35abe995171e5a27177  mes5/x86_64/dovecot-devel-1.1.6-0.5mdvmes5.2.x86_64.rpm
 7baa83fdb419faa13773e88258a41e58  mes5/x86_64/dovecot-plugins-gssapi-1.1.6-0.5mdvmes5.2.x86_64.rpm
 b40dbd719a513945f77b94e524e39a75  mes5/x86_64/dovecot-plugins-ldap-1.1.6-0.5mdvmes5.2.x86_64.rpm 
 614b17acd72c3566abcd3f1c910dee0a  mes5/SRPMS/dovecot-1.1.6-0.5mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 45e48e799a602ec746754f51d83d773d  mbs1/x86_64/dovecot-1.2.17-5.1.mbs1.x86_64.rpm
 0dbdeaa62c6d4d51d13fa7c1934e645a  mbs1/x86_64/dovecot-devel-1.2.17-5.1.mbs1.x86_64.rpm
 f766f74ff769386991c9eecbc18f7735  mbs1/x86_64/dovecot-plugins-gssapi-1.2.17-5.1.mbs1.x86_64.rpm
 a81fb27f431c215a6770560a23928baa  mbs1/x86_64/dovecot-plugins-ldap-1.2.17-5.1.mbs1.x86_64.rpm
 7dfb27e36bbe23789ce887089fd7cffb  mbs1/x86_64/dovecot-plugins-managesieve-1.2.17-5.1.mbs1.x86_64.rpm
 ec112e4fad85e6fb44f45e21bd9ac71b  mbs1/x86_64/dovecot-plugins-mysql-1.2.17-5.1.mbs1.x86_64.rpm
 c8b5177c354eeaacf07a946178d2304e  mbs1/x86_64/dovecot-plugins-pgsql-1.2.17-5.1.mbs1.x86_64.rpm
 92ae9ff2deecdb20f8d95842fa6ffca6  mbs1/x86_64/dovecot-plugins-sieve-1.2.17-5.1.mbs1.x86_64.rpm
 7ac32e0bccd481724bad4504286a8321  mbs1/x86_64/dovecot-plugins-sqlite-1.2.17-5.1.mbs1.x86_64.rpm 
 cb4efdf2ea2a20af60e6dfe4f425543d  mbs1/SRPMS/dovecot-1.2.17-5.1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTde1hmqjQ0CJFipgRAqyWAKCXxUu23zABbSSY0j8Q4yh81kKPaACg6bWa
i5HGlfgsh7nlzeifQ0A6jiQ=
=mqpV
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDVSA-2014:099 ] dovecot security (May 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault