Package "dovecot-gssapi"

Name: dovecot-gssapi


secure POP3/IMAP server - GSSAPI support

Latest version: 1:2.2.22-1ubuntu2.13
Release: xenial (16.04)
Level: security
Repository: universe
Head package: dovecot
Homepage: http://dovecot.org/


Download "dovecot-gssapi"

Other versions of "dovecot-gssapi" in Xenial

Repository Area Version
base universe 1:2.2.22-1ubuntu2
updates universe 1:2.2.22-1ubuntu2.13


Version: 1:2.2.22-1ubuntu2.7 2018-03-05 13:07:37 UTC

  dovecot (1:2.2.22-1ubuntu2.7) xenial-security; urgency=medium

  * SECURITY UPDATE: rfc822_parse_domain Information Leak Vulnerability
    - debian/patches/CVE-2017-14461/*.patch: upstream parsing fixes.
    - CVE-2017-14461
  * SECURITY UPDATE: TLS SNI config lookups DoS
    - debian/patches/CVE-2017-15130/*.patch: upstream config filtering fix.
    - CVE-2017-15130

 -- Marc Deslauriers <email address hidden> Tue, 27 Feb 2018 07:46:12 -0500

Source diff to previous version
CVE-2017-14461 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive info
CVE-2017-15130 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration

Version: 1:2.2.22-1ubuntu2.6 2018-02-01 21:06:42 UTC

  dovecot (1:2.2.22-1ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Memory leak that can cause crash due to memory exhaustion
    - debian/patches/CVE-2017-15132.patch: fix memory leak in
      auth_client_request_abort() in src/lib-auth/auth-client-request.c.
    - debian/patches/CVE-2017-15132-additional.patch: remove request after
      abort in src/lib-auth/auth-client-request.c,
    - CVE-2017-15132

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 31 Jan 2018 12:58:33 -0300

Source diff to previous version
CVE-2017-15132 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by log

Version: 1:2.2.22-1ubuntu2.4 2017-04-12 05:08:38 UTC
No changelog available yet.

About   -   Send Feedback to @ubuntu_updates