Synopsis:          Moderate: dovecot security update
Advisory ID:       SLSA-2014:0790-1
Issue Date:        2014-06-25
CVE Numbers:       CVE-2014-3430
--

It was discovered that Dovecot did not properly discard connections
trapped in the SSL/TLS handshake phase. A remote attacker could use this
flaw to cause a denial of service on an IMAP/POP3 server by exhausting the
pool of available connections and preventing further, legitimate
connections to the IMAP/POP3 server to be made. (CVE-2014-3430)

After installing the updated packages, the dovecot service will be
restarted automatically.
--

SL6
  x86_64
    dovecot-2.0.9-7.el6_5.1.i686.rpm
    dovecot-pigeonhole-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-devel-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-mysql-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-pgsql-2.0.9-7.el6_5.1.x86_64.rpm
    dovecot-debuginfo-2.0.9-7.el6_5.1.i686.rpm
    dovecot-debuginfo-2.0.9-7.el6_5.1.x86_64.rpm
  i386
    dovecot-2.0.9-7.el6_5.1.i686.rpm
    dovecot-pgsql-2.0.9-7.el6_5.1.i686.rpm
    dovecot-devel-2.0.9-7.el6_5.1.i686.rpm
    dovecot-pigeonhole-2.0.9-7.el6_5.1.i686.rpm
    dovecot-mysql-2.0.9-7.el6_5.1.i686.rpm
    dovecot-debuginfo-2.0.9-7.el6_5.1.i686.rpm
  srpm
    dovecot-2.0.9-7.el6_5.1.src.rpm

- Scientific Linux Development Team