MGASA-2018-0160

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0160.html

Import Source

https://advisories.mageia.org/MGASA-2018-0160.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0160

Related

Published

2018-03-07T20:37:26Z

Modified

2018-03-07T20:19:57Z

Summary

Updated dovecot packages fix security vulnerabilities

Details

Dovecot has been updated to version 2.2.34 to fix two security issues.

CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system, causing crash every time it is being opened.

CVE-2017-15130: If dovecot has been configured with local name or local net configuration blocks, SNI lookups can be used to trash memory with useless config by using random servernames.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2018-0160

Affected packages