Download
| Alert*
oval:org.secpod.oval:def:89044658
This update for dovecot22 to version 2.2.29.1 fixes the following issues: This security issue was fixed: - CVE-2017-2669: Don"t double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS Additionally ... oval:org.secpod.oval:def:112324 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:703562 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:112322 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:602847 It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand to perform %variable expansion. Sending specially crafted %v ... oval:org.secpod.oval:def:51770 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input. |