Описание
Security update for dovecot22
This update for dovecot22 fixes the following issues:
Security issue fixed:
- CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828)
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
dovecot22-2.2.31-19.11.1
dovecot22-backend-mysql-2.2.31-19.11.1
dovecot22-backend-pgsql-2.2.31-19.11.1
dovecot22-backend-sqlite-2.2.31-19.11.1
Ссылки
- Link for SUSE-SU-2018:2632-2
- E-Mail link for SUSE-SU-2018:2632-2
- SUSE Security Ratings
- SUSE Bug 1082828
- SUSE CVE CVE-2017-15130 page
Описание
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:dovecot22-2.2.31-19.11.1
SUSE Linux Enterprise Server 12 SP2-BCL:dovecot22-backend-mysql-2.2.31-19.11.1
SUSE Linux Enterprise Server 12 SP2-BCL:dovecot22-backend-pgsql-2.2.31-19.11.1
SUSE Linux Enterprise Server 12 SP2-BCL:dovecot22-backend-sqlite-2.2.31-19.11.1
Ссылки
- CVE-2017-15130
- SUSE Bug 1082828