Changes between Initial Version and Version 1 of Ticket #8604


Timestamp:
12/04/2016 07:26:42 PM (8 years ago)
Author:
Douglas R. Reno
  • Ticket #8604

    • Property Priority changed from normal to high
  • Ticket #8604 – Description

    New point version.

    {{{
    Important vulnerability in Dovecot (CVE-2016-8652)
    CVSS score: 7.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H)
    Affected version(s): 2.2.25.1 up to 2.2.26.1
    Fixed in: 2.2.27.1rc1

    Short summary: Dovecot auth component can be crashed by remote user when
    auth-policy component is activated.

    If auth-policy component has been activated in Dovecot, then remote user
    can use SASL authentication to crash auth component.

    Workaround is to disable auth-policy component until fix is in place.
    This can be done by commenting out all auth_policy_* settings.
    }}}
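
A check for the two conditions the advisory names, as an added example that is not part of the ticket or of Dovecot: it reports whether a version falls in the affected range stated above and whether any `auth_policy_*` setting is still uncommented. The function names and the sample configuration (including its placeholder URL) are constructed for illustration.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2016-8652 using the advisory's own criteria.

# Returns 0 when dotted version $1 <= $2, comparing numerically field by field.
ver_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Prints every auth_policy_* assignment on stdin that is not commented out.
active_auth_policy() {
    grep -E '^[[:space:]]*auth_policy_[a-z_]+[[:space:]]*='
}

# assess VERSION < config-text : prints one verdict word.
assess() {
    active=$(active_auth_policy || true)   # grep exits 1 when nothing matches
    if ! { ver_le 2.2.25.1 "$1" && ver_le "$1" 2.2.26.1; }; then
        echo "version-not-in-affected-range"
    elif [ -n "$active" ]; then
        echo "exposed"
    else
        echo "workaround-applied"
    fi
}

# Constructed sample configuration (placeholder URL, not from a real host).
sample_conf() {
    cat <<'EOF'
auth_mechanisms = plain login
auth_policy_server_url = http://policy.example.invalid/
#auth_policy_hash_nonce = placeholder
EOF
}

sample_conf | assess 2.2.26.1
# On a host: doveconf -n | assess "$(dovecot --version | cut -d' ' -f1)"
```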