Dovecot-2.2.16 Security Issue: CVE-2015-3420
|Reported by:||Fernando de Oliveira||Owned by:||Fernando de Oliveira|
The latest release of the Dovecot IMAP server (2.2.16) is vulnerable to a remote denial of service (DoS) and has been assigned CVE-2015-3420.
The current Dovecot (2.2.16) imap/pop3 server has an issue that handshake failures will lead to a crash of the login process.
*-login: Don't try to flush SSL output if SSL handshake fails. This fixes a crash on failed handshakes on some OpenSSL builds.
Think we should fix the book. Please, someone could confirm and take this ticket?
Change History (6)
Note: See TracTickets for help on using tickets.