CVE-2016-8652 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | If the auth-policy component has been activated in Dovecot, then a remote user is able to use SASL authentication to crash the auth component. Workaround is to disable auth-policy component until a fix is in place. This can be done by commenting out all auth_policy_* settings. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-94 | dovecot | 0.0-1 | 2.2.27-1 | Medium | Fixed |
| References |
|---|
http://seclists.org/oss-sec/2016/q4/564 |
| Notes |
|---|
marked as <=2.27 is vulnerable: https://access.redhat.com/security/cve/CVE-2016-8652 |