Opened 6 years ago

Closed 6 years ago

#10450 closed enhancement (fixed)

dovecot-2.3.0.1

Reported by: bdubbs@…
Owned by: Pierre Labastie
Priority: normal
Milestone: 8.3
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New micro version.

Change History (3)

comment:1 by Pierre Labastie, 6 years ago

Owner: changed from blfs-book@… to Pierre Labastie
Status: new → assigned

comment:2 by Pierre Labastie, 6 years ago

Too many CVEs to wait for 2.3.1...

Small patch release to fix the worst bugs in v2.3.0. v2.3.1 is coming in about a month with a lot more changes.

 * CVE-2017-15130: TLS SNI config lookups may lead to excessive
   memory usage, causing imap-login/pop3-login VSZ limit to be reached
   and the process restarted. This happens only if Dovecot config has
   local_name { } or local { } configuration blocks and attacker uses
   randomly generated SNI servernames.
 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
   leak memory contents to attacker. For example, these memory contents
   might contain parts of an email from another user if the same imap
   process is reused for multiple users. First discovered by Aleksandar
   Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
   via HackerOne.
 * CVE-2017-15132: Aborted SASL authentication leaks memory in login
   process.
 * Linux: Core dumping is no longer enabled by default via
   PR_SET_DUMPABLE, because this may allow attackers to bypass
   chroot/group restrictions. Found by cPanel Security Team. Nowadays
   core dumps can be safely enabled by using "sysctl -w
   fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
   enabled by setting:
   import_environment=$import_environment PR_SET_DUMPABLE=1
 - imap-login with SSL/TLS connections may end up in infinite loop
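
The release notes quoted above tie CVE-2017-15130 to the presence of local_name { } or local { } blocks and describe an import_environment setting that restores the old core dump behaviour. The following is an added example, not part of the ticket or of Dovecot itself, that checks a saved `doveconf -n` dump for both conditions; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit saved `doveconf -n` output for two conditions named in
# the release notes above. Function names are hypothetical.

# Count "local_name <name> {" and "local <addr> {" blocks, the stated
# precondition for CVE-2017-15130 (SNI config lookups).
count_sni_blocks() {
    awk '/^[ \t]*(local_name|local)[ \t]+[^{]+[{]/ { n++ } END { print n + 0 }' "$1"
}

# Succeed if import_environment restores the old PR_SET_DUMPABLE=1 behaviour.
dumpable_reenabled() {
    awk '/^[ \t]*import_environment[ \t]*=/ && /PR_SET_DUMPABLE=1/ { f = 1 }
         END { exit !f }' "$1"
}

# Constructed sample configuration (not taken from the ticket).
write_sample() {
    cat > "$1" <<'EOF'
ssl = required
local_name mail.example.org {
  ssl_cert = </etc/ssl/certs/mail.example.org.pem
}
local 192.0.2.0/24 {
  ssl = yes
}
import_environment = $import_environment PR_SET_DUMPABLE=1
EOF
}

audit() {
    n=$(count_sni_blocks "$1")
    if [ "$n" -gt 0 ]; then
        echo "$n local/local_name block(s): CVE-2017-15130 precondition present"
    else
        echo "no local/local_name blocks: CVE-2017-15130 precondition absent"
    fi
    if dumpable_reenabled "$1"; then
        echo "PR_SET_DUMPABLE=1 set via import_environment: old core dump behaviour restored"
    fi
}

# Usage: sh audit.sh /path/to/doveconf-n.txt
if [ -n "${1:-}" ]; then audit "$1"; fi
```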

comment:3 by Pierre Labastie, 6 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r19930
