[SECURITY] [DSA 2954-1] dovecot security update

2014-06-0918:02:29

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.7 Medium

AI Score

Confidence

Low

0.091 Low

EPSS

Percentile

94.7%

JSON

Debian Security Advisory DSA-2954-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2014 http://www.debian.org/security/faq

Package : dovecot
CVE ID : CVE-2014-3430
Debian Bug : 747549

It was discovered that the Dovecot email server is vulnerable to a
denial of service attack against imap/pop3-login processes due to
incorrect handling of the closure of inactive SSL/TLS connections.

For the stable distribution (wheezy), this problem has been fixed in
version 1:2.1.7-7+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 1:2.2.13~rc1-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.2.13~rc1-1.

We recommend that you upgrade your dovecot packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7mipsdovecot-pgsql< 1:2.1.7-7+deb7u1dovecot-pgsql_1:2.1.7-7+deb7u1_mips.deb
Debian7armhfdovecot-managesieved< 1:2.1.7-7+deb7u1dovecot-managesieved_1:2.1.7-7+deb7u1_armhf.deb
Debian7kfreebsd-amd64dovecot-sieve< 1:2.1.7-7+deb7u1dovecot-sieve_1:2.1.7-7+deb7u1_kfreebsd-amd64.deb
Debian7s390xdovecot-core< 1:2.1.7-7+deb7u1dovecot-core_1:2.1.7-7+deb7u1_s390x.deb
Debian7mipsdovecot-gssapi< 1:2.1.7-7+deb7u1dovecot-gssapi_1:2.1.7-7+deb7u1_mips.deb
Debian7s390dovecot-solr< 1:2.1.7-7+deb7u1dovecot-solr_1:2.1.7-7+deb7u1_s390.deb
Debian7kfreebsd-i386dovecot-sqlite< 1:2.1.7-7+deb7u1dovecot-sqlite_1:2.1.7-7+deb7u1_kfreebsd-i386.deb
Debian7mipseldovecot-pgsql< 1:2.1.7-7+deb7u1dovecot-pgsql_1:2.1.7-7+deb7u1_mipsel.deb
Debian7sparcdovecot-mysql< 1:2.1.7-7+deb7u1dovecot-mysql_1:2.1.7-7+deb7u1_sparc.deb
Debian7mipseldovecot-gssapi< 1:2.1.7-7+deb7u1dovecot-gssapi_1:2.1.7-7+deb7u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	mips	dovecot-pgsql	< 1:2.1.7-7+deb7u1	dovecot-pgsql_1:2.1.7-7+deb7u1_mips.deb
Debian	7	armhf	dovecot-managesieved	< 1:2.1.7-7+deb7u1	dovecot-managesieved_1:2.1.7-7+deb7u1_armhf.deb
Debian	7	kfreebsd-amd64	dovecot-sieve	< 1:2.1.7-7+deb7u1	dovecot-sieve_1:2.1.7-7+deb7u1_kfreebsd-amd64.deb
Debian	7	s390x	dovecot-core	< 1:2.1.7-7+deb7u1	dovecot-core_1:2.1.7-7+deb7u1_s390x.deb
Debian	7	mips	dovecot-gssapi	< 1:2.1.7-7+deb7u1	dovecot-gssapi_1:2.1.7-7+deb7u1_mips.deb
Debian	7	s390	dovecot-solr	< 1:2.1.7-7+deb7u1	dovecot-solr_1:2.1.7-7+deb7u1_s390.deb
Debian	7	kfreebsd-i386	dovecot-sqlite	< 1:2.1.7-7+deb7u1	dovecot-sqlite_1:2.1.7-7+deb7u1_kfreebsd-i386.deb
Debian	7	mipsel	dovecot-pgsql	< 1:2.1.7-7+deb7u1	dovecot-pgsql_1:2.1.7-7+deb7u1_mipsel.deb
Debian	7	sparc	dovecot-mysql	< 1:2.1.7-7+deb7u1	dovecot-mysql_1:2.1.7-7+deb7u1_sparc.deb
Debian	7	mipsel	dovecot-gssapi	< 1:2.1.7-7+deb7u1	dovecot-gssapi_1:2.1.7-7+deb7u1_mipsel.deb