Описание
Security update for dovecot22
This update for dovecot22 fixes the following issues:
- CVE-2017-14461: dovecot22: rfc822_parse_domain (bsc#1082826) Information Leak Vulnerability
Список пакетов
SUSE Linux Enterprise Server 12 SP3
dovecot22-2.2.31-19.8.1
dovecot22-backend-mysql-2.2.31-19.8.1
dovecot22-backend-pgsql-2.2.31-19.8.1
dovecot22-backend-sqlite-2.2.31-19.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dovecot22-2.2.31-19.8.1
dovecot22-backend-mysql-2.2.31-19.8.1
dovecot22-backend-pgsql-2.2.31-19.8.1
dovecot22-backend-sqlite-2.2.31-19.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3
dovecot22-devel-2.2.31-19.8.1
Ссылки
- Link for SUSE-SU-2018:1125-1
- E-Mail link for SUSE-SU-2018:1125-1
- SUSE Security Ratings
- SUSE Bug 1082826
- SUSE CVE CVE-2017-14461 page
Описание
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:dovecot22-2.2.31-19.8.1
SUSE Linux Enterprise Server 12 SP3:dovecot22-backend-mysql-2.2.31-19.8.1
SUSE Linux Enterprise Server 12 SP3:dovecot22-backend-pgsql-2.2.31-19.8.1
SUSE Linux Enterprise Server 12 SP3:dovecot22-backend-sqlite-2.2.31-19.8.1
Ссылки
- CVE-2017-14461
- SUSE Bug 1082826