AVG-645

Package dovecot
Status Fixed
Severity High
Type multiple issues
Affected 2.3.0-2
Fixed 2.3.0.1-1
Current 2.3.5-2 [community]
Ticket None
Created Thu Mar 1 17:36:47 2018
Issue Severity Remote Type Description
CVE-2017-15132 Medium Yes Denial of service
A flaw was found in dovecot before 2.2.34 and 2.3.0.1. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login...
CVE-2017-15130 Medium Yes Denial of service
A denial of service flaw was found in dovecot before 2.2.34 and 2.3.0.1. An attacker able to generate random SNI server names could exploit TLS SNI...
CVE-2017-14461 High Yes Information disclosure
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information...
Date Advisory Package Description
06 Mar 2018 ASA-201803-7 dovecot multiple issues
References
https://www.dovecot.org/list/dovecot-news/2018-February/000371.html