---

CVE-2016-8652 - log back

CVE-2016-8652 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ If the auth-policy component has been activated in Dovecot, then a remote user is able to use SASL authentication to crash the auth component. Workaround is to disable auth-policy component until a fix is in place. This can be done by commenting out all auth_policy_* settings.
References	+ http://seclists.org/oss-sec/2016/q4/564
Notes	+ marked as <=2.27 is vulnerable: https://access.redhat.com/security/cve/CVE-2016-8652