dovecot-2.2.27 (CVE-2016-8652)
New point version.
Important vulnerability in Dovecot (CVE-2016-8652)
CVSS score: 7.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H)
Affected version(s): 2.2.25.1 up to 2.2.26.1
Fixed in: 2.2.27.1rc1
Short summary: Dovecot auth component can be crashed by remote user when
auth-policy component is activated.
If auth-policy component has been activated in Dovecot, then remote user
can use SASL authentication to crash auth component.
Workaround is to disable auth-policy component until fix is in place.
This can be done by commenting out all auth_policy_* settings.
Change History
(5)
Description: |
modified (diff)
|
Priority: |
normal → high
|
Summary: |
dovecot-2.2.27 → dovecot-2.2.27 (CVE-2016-8652)
|
Owner: |
changed from blfs-book@… to Pierre Labastie
|
Status: |
new → assigned
|
Resolution: |
→ fixed
|
Status: |
assigned → closed
|
Fixed at r18047