2016-02-13
ALT-BU-2016-2579-1
Branch c7 update bulletin.
Closed vulnerabilities
Published: 2014-05-14
BDU:2015-00046
Уязвимость почтового сервера Dovecot, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
References:
Published: 2014-05-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3430
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
Severity: MEDIUM (5.0)
References:
- http://advisories.mageia.org/MGASA-2014-0223.html
- http://advisories.mageia.org/MGASA-2014-0223.html
- [Dovecot-news] 20140511 v2.2.13 released
- [Dovecot-news] 20140511 v2.2.13 released
- http://linux.oracle.com/errata/ELSA-2014-0790.html
- http://linux.oracle.com/errata/ELSA-2014-0790.html
- [dovecot] 20140508 Denial of Service attacks against Dovecot v1.1+
- [dovecot] 20140508 Denial of Service attacks against Dovecot v1.1+
- RHSA-2014:0790
- RHSA-2014:0790
- 59051
- 59051
- 59537
- 59537
- 59552
- 59552
- DSA-2954
- DSA-2954
- MDVSA-2015:113
- MDVSA-2015:113
- [oss-security] 20140509 CVE request: Denial of Service attacks against Dovecot v1.1+
- [oss-security] 20140509 CVE request: Denial of Service attacks against Dovecot v1.1+
- [oss-security] 20140509 Re: CVE request: Denial of Service attacks against Dovecot v1.1+
- [oss-security] 20140509 Re: CVE request: Denial of Service attacks against Dovecot v1.1+
- 67306
- 67306
- USN-2213-1
- USN-2213-1