Lucene search

K
mageiaGentoo FoundationMGASA-2014-0223
HistoryMay 17, 2014 - 4:38 a.m.

Updated dovecot packages fix security vulnerability

2014-05-1704:38:24
Gentoo Foundation
advisories.mageia.org
19

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.091

Percentile

94.7%

Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn’t finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time (CVE-2014-3430).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchdovecot< 2.1.15-2.1dovecot-2.1.15-2.1.mga3
Mageia4noarchdovecot< 2.2.6-2.2dovecot-2.2.6-2.2.mga4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.091

Percentile

94.7%