openSUSE-SU-2018:2642-1

Опубликовано: 06 сент. 2018

Источник: suse-cvrf

Описание

Security update for dovecot22

This update for dovecot22 fixes the following issues:

Security issue fixed:

CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

dovecot22-2.2.31-2.9.1

dovecot22-backend-mysql-2.2.31-2.9.1

dovecot22-backend-pgsql-2.2.31-2.9.1

dovecot22-backend-sqlite-2.2.31-2.9.1

dovecot22-devel-2.2.31-2.9.1

dovecot22-fts-2.2.31-2.9.1

dovecot22-fts-lucene-2.2.31-2.9.1

dovecot22-fts-solr-2.2.31-2.9.1

dovecot22-fts-squat-2.2.31-2.9.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00012.html
E-Mail link for openSUSE-SU-2018:2642-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.

Затронутые продукты

openSUSE Leap 42.3:dovecot22-2.2.31-2.9.1

openSUSE Leap 42.3:dovecot22-backend-mysql-2.2.31-2.9.1

openSUSE Leap 42.3:dovecot22-backend-pgsql-2.2.31-2.9.1

openSUSE Leap 42.3:dovecot22-backend-sqlite-2.2.31-2.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-15130.html
CVE-2017-15130
https://bugzilla.suse.com/1082828
SUSE Bug 1082828

openSUSE-SU-2018:2642-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-15130

Описание

Затронутые продукты

Ссылки