Lucene search

K
archlinuxArch LinuxASA-201504-31
HistoryApr 29, 2015 - 12:00 a.m.

dovecot: denial of service

2015-04-2900:00:00
Arch Linux
lists.archlinux.org
27

EPSS

0.03

Percentile

91.0%

Dovecot <= 2.2.14 does not correctly handle SSL/TLS handshake failure in
the login process, asking OpenSSL to flush a connection that has already
been aborted. This results in a crash with some versions of OpenSSL
(most likely >= 1.0.2). A patch to OpenSSL has also been written to
handle more gracefully this situation, see references.

OSVersionArchitecturePackageVersionFilename
anyanyanydovecot< 2.2.16-2UNKNOWN

EPSS

0.03

Percentile

91.0%