|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0223 (dovecot)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0223: Updated dovecot packages fix security vulnerability 


Date:
    	      Sat, 17 May 2014 02:38:35 +0200


Message-ID:
    	      <20140517003836.0D1C75CCC6@valstar.mageia.org>


MGASA-2014-0223 - Updated dovecot packages fix security vulnerability

Publication date: 17 May 2014
URL: http://advisories.mageia.org/MGASA-2014-0223.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-3430

Description:
Updated dovecot packages fix security vulnerability.

Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login
processes. If SSL/TLS handshake was started but wasn't finished, the login
process attempted to eventually forcibly disconnect the client, but failed
to do it correctly. This could have left the connections hanging around for
a long time (CVE-2014-3430).

References:
- http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
- http://www.dovecot.org/list/dovecot-news/2014-May/000273....
- http://openwall.com/lists/oss-security/2014/05/09/8
- https://bugs.mageia.org/show_bug.cgi?id=13355
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430

SRPMS:
- 4/core/dovecot-2.2.6-2.2.mga4
- 3/core/dovecot-2.1.15-2.1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds