SCIENTIFIC-LINUX-ERRATA Archives

June 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: dovecot on SL6.x i386/srpm/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 25 Jun 2014 17:57:57 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
Synopsis:          Moderate: dovecot security update
Advisory ID:       SLSA-2014:0790-1
Issue Date:        2014-06-25
CVE Numbers:       CVE-2014-3430
--

It was discovered that Dovecot did not properly discard connections
trapped in the SSL/TLS handshake phase. A remote attacker could use this
flaw to cause a denial of service on an IMAP/POP3 server by exhausting the
pool of available connections and preventing further, legitimate
connections to the IMAP/POP3 server to be made. (CVE-2014-3430)

After installing the updated packages, the dovecot service will be
restarted automatically.
--

SL6
  x86_64
    dovecot-2.0.9-7.el6_5.1.i686.rpm
    dovecot-pigeonhole-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-devel-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-mysql-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-pgsql-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-debuginfo-2.0.9-7.el6_5.1.i686.rpm
    dovecot-debuginfo-2.0.9-7.el6_5.1.x86_64.rpm
  i386
    dovecot-2.0.9-7.el6_5.1.i686.rpm
    dovecot-pgsql-2.0.9-7.el6_5.1.i686.rpm
    dovecot-devel-2.0.9-7.el6_5.1.i686.rpm
    dovecot-pigeonhole-2.0.9-7.el6_5.1.i686.rpm
    dovecot-mysql-2.0.9-7.el6_5.1.i686.rpm
    dovecot-debuginfo-2.0.9-7.el6_5.1.i686.rpm
  srpm
    dovecot-2.0.9-7.el6_5.1.src.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2