22 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-15130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups,...
Mageia: Security Advisory (MGASA-2018-0160)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2632-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2632-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-2571)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : dovecot (EulerOS-SA-2019-2138)
According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs...
SUSE-SU-2018:2632-2 Security update for dovecot22
This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts bsc1082828...
Security update for dovecot22 (important)
This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts bsc1082828 This update was...
openSUSE Security Update : dovecot22 (openSUSE-2018-973)
This update for dovecot22 fixes the following issues : Security issue fixed : - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts bsc1082828 This update was...
SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2018:2632-1)
This update for dovecot22 fixes the following issues : Security issue fixed : CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts bsc1082828 Note that Tenable...
SUSE-SU-2018:2632-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts bsc1082828...
Debian DLA-1333-1 : dovecot security update
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses, whi...
Updated dovecot packages fix security vulnerabilities
Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system,...
[ASA-201803-7] dovecot: multiple issues
Arch Linux Security Advisory ASA-201803-7 ========================================= Severity: High Date : 2018-03-06 CVE-ID : CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 Package : dovecot Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-645 Summary ======= The packag...
Ubuntu 14.04 LTS / 16.04 LTS : Dovecot vulnerabilities (USN-3587-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3587-1 advisory. It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot t...
USN-3587-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2017-14461 It was discovered that Dovecot incorrectly handled TLS S...
Debian DSA-4130-1 : dovecot - security update
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and 'flxflndy' discovered that Dovecot does not properly parse invalid email addresses,...
[SECURITY] [DSA 4130-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4130-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4130-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4130-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2018 https://www.debian.org/security/faq -...
CVE-2017-15130
CVE-2017-15130 affects Dovecot; a denial-of-service via TLS SNI config lookups occurs when an attacker can generate random SNI server names, causing excessive memory usage and possible restart. Affected are Dovecot versions before 2.2.34. Several advisories/plugins (SUSE/OpenSUSE, EulerOS, Debian...