CVE-2017-15130

Published: 02/03/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

A denial of service flaw was found in dovecot prior to 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and causing the process to restart.

Vulnerable Product

dovecot dovecot

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 17.10

Vendor Advisories

Several security issues were fixed in Dovecot ...
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461: Aleksandar Nikolic of Cisco Talos and flxflndy discovered that Dovecot does not properly parse invalid email addresses, which may cause a crash or leak memory content ...
Debian Bug report logs - #891820 dovecot: CVE-2017-15130: TLS SNI config lookups are inefficient and can be used for DoS. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Mar 2018 07:33:05 UTC; Seve ...
Debian Bug report logs - #888432 dovecot: CVE-2017-15132: auth client leaks memory if SASL authentication is aborted. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 25 Jan 2018 14:42:02 UTC; Severity ...
Debian Bug report logs - #891819 dovecot: CVE-2017-14461: rfc822_parse_domain information leak vulnerability. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Mar 2018 07:33:02 UTC; Severity: grave ...
A denial of service flaw was found in dovecot. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart ...
A denial of service flaw was found in dovecot before 2.2.34 and 2.3.0.1. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local ...