Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system, causing crash every time it is being opened. CVE-2017-15130: If dovecot has been configured with local name or local net configuration blocks, SNI lookups can be used to trash memory with useless config by using random servernames.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | dovecot | < 2.2.34-1 | dovecot-2.2.34-1.mga6 |