exploitDog

SUSE-SU-2018:0466-1

Опубликовано: 16 фев. 2018

Источник: suse-cvrf

Описание

Security update for dovecot22

This update for dovecot22 fixes one issue.

This security issue was fixed:

CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608).

Список пакетов

SUSE Linux Enterprise Server 12 SP2

dovecot22-2.2.31-19.5.1

dovecot22-backend-mysql-2.2.31-19.5.1

dovecot22-backend-pgsql-2.2.31-19.5.1

dovecot22-backend-sqlite-2.2.31-19.5.1

SUSE Linux Enterprise Server 12 SP3

dovecot22-2.2.31-19.5.1

dovecot22-backend-mysql-2.2.31-19.5.1

dovecot22-backend-pgsql-2.2.31-19.5.1

dovecot22-backend-sqlite-2.2.31-19.5.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

dovecot22-2.2.31-19.5.1

dovecot22-backend-mysql-2.2.31-19.5.1

dovecot22-backend-pgsql-2.2.31-19.5.1

dovecot22-backend-sqlite-2.2.31-19.5.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

dovecot22-2.2.31-19.5.1

dovecot22-backend-mysql-2.2.31-19.5.1

dovecot22-backend-pgsql-2.2.31-19.5.1

dovecot22-backend-sqlite-2.2.31-19.5.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

dovecot22-2.2.31-19.5.1

dovecot22-backend-mysql-2.2.31-19.5.1

dovecot22-backend-pgsql-2.2.31-19.5.1

dovecot22-backend-sqlite-2.2.31-19.5.1

SUSE Linux Enterprise Software Development Kit 12 SP2

dovecot22-devel-2.2.31-19.5.1

SUSE Linux Enterprise Software Development Kit 12 SP3

dovecot22-devel-2.2.31-19.5.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180466-1/
Link for SUSE-SU-2018:0466-1
https://lists.suse.com/pipermail/sle-security-updates/2018-February/003739.html
E-Mail link for SUSE-SU-2018:0466-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1075608
SUSE Bug 1075608
https://www.suse.com/security/cve/CVE-2017-15132/
SUSE CVE CVE-2017-15132 page

Описание

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2:dovecot22-2.2.31-19.5.1

SUSE Linux Enterprise Server 12 SP2:dovecot22-backend-mysql-2.2.31-19.5.1

SUSE Linux Enterprise Server 12 SP2:dovecot22-backend-pgsql-2.2.31-19.5.1

SUSE Linux Enterprise Server 12 SP2:dovecot22-backend-sqlite-2.2.31-19.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-15132.html
CVE-2017-15132
https://bugzilla.suse.com/1075608
SUSE Bug 1075608

Уязвимость SUSE-SU-2018:0466-1