Описание
Security update for dovecot22
This update for dovecot22 fixes the following issues:
Security issue fixed:
- CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828)
Список пакетов
SUSE Enterprise Storage 4
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server 12 SP1-LTSS
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server 12 SP2-LTSS
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server 12 SP3
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server 12-LTSS
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
SUSE Linux Enterprise Software Development Kit 12 SP3
dovecot22-devel-2.2.31-19.11.1
SUSE OpenStack Cloud 7
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
Ссылки
- Link for SUSE-SU-2018:2632-1
- E-Mail link for SUSE-SU-2018:2632-1
- SUSE Security Ratings
- SUSE Bug 1082828
- SUSE CVE CVE-2017-15130 page
Описание
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Затронутые продукты
SUSE Enterprise Storage 4:dovecot22-2.2.31-19.11.1
SUSE Enterprise Storage 4:dovecot22-backend-mysql-2.2.31-19.11.1
SUSE Enterprise Storage 4:dovecot22-backend-pgsql-2.2.31-19.11.1
SUSE Enterprise Storage 4:dovecot22-backend-sqlite-2.2.31-19.11.1
Ссылки
- CVE-2017-15130
- SUSE Bug 1082828