openSUSE-SU-2018:1134-1

Опубликовано: 03 мая 2018

Источник: suse-cvrf

Описание

Security update for dovecot22

This update for dovecot22 fixes the following issues:

CVE-2017-14461: dovecot22: rfc822_parse_domain Information Leak Vulnerability (bsc#1082826)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

dovecot22-2.2.31-2.6.1

dovecot22-backend-mysql-2.2.31-2.6.1

dovecot22-backend-pgsql-2.2.31-2.6.1

dovecot22-backend-sqlite-2.2.31-2.6.1

dovecot22-devel-2.2.31-2.6.1

dovecot22-fts-2.2.31-2.6.1

dovecot22-fts-lucene-2.2.31-2.6.1

dovecot22-fts-solr-2.2.31-2.6.1

dovecot22-fts-squat-2.2.31-2.6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-05/msg00005.html
E-Mail link for openSUSE-SU-2018:1134-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.

Затронутые продукты

openSUSE Leap 42.3:dovecot22-2.2.31-2.6.1

openSUSE Leap 42.3:dovecot22-backend-mysql-2.2.31-2.6.1

openSUSE Leap 42.3:dovecot22-backend-pgsql-2.2.31-2.6.1

openSUSE Leap 42.3:dovecot22-backend-sqlite-2.2.31-2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-14461.html
CVE-2017-14461
https://bugzilla.suse.com/1082826
SUSE Bug 1082826

openSUSE-SU-2018:1134-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-14461

Описание

Затронутые продукты

Ссылки