dovecot

Description: An IMAP and POP3 server written with security primarily in mind
Version: 2.3.4-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-645 | 2.3.0-2 | 2.3.0.1-1 | High | Fixed | |
| AVG-238 | 2.2.28-3 | 2.2.29.1-1 | Medium | Fixed | |
| AVG-94 | 0.0-1 | 2.2.27-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-2669 | AVG-238 | Medium | Yes | Denial of service | A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is... |
| CVE-2017-15132 | AVG-645 | Medium | Yes | Denial of service | A flaw was found in dovecot before 2.2.34 and 2.3.0.1. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login... |
| CVE-2017-15130 | AVG-645 | Medium | Yes | Denial of service | A denial of service flaw was found in dovecot before 2.2.34 and 2.3.0.1. An attacker able to generate random SNI server names could exploit TLS SNI... |
| CVE-2017-14461 | AVG-645 | High | Yes | Information disclosure | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information... |
| CVE-2016-8652 | AVG-94 | Medium | Yes | Denial of service | If the auth-policy component has been activated in Dovecot, then a remote user is able to use SASL authentication to crash the auth component. Workaround is... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 06 Mar 2018 | ASA-201803-7 | AVG-645 | High | multiple issues |
| 01 May 2017 | ASA-201705-1 | AVG-238 | Medium | denial of service |