{"id":"MGASA-2018-0160","summary":"Updated dovecot packages fix security vulnerabilities","details":"Dovecot has been updated to version 2.2.34 to fix two security issues.\n\nCVE-2017-14461:\nThis vulnerability comes in two flavors. A malicious party can send a\nspecially crafted email to a vulnerable system, causing it to crash\ndovecot. In some systems, the mail can be stored into the mail system, \ncausing crash every time it is being opened.\n\nCVE-2017-15130:\nIf dovecot has been configured with local name or local net\nconfiguration blocks, SNI lookups can be used to trash memory with\nuseless config by using random servernames.\n","modified":"2026-01-30T18:47:55.667344Z","published":"2018-03-07T20:37:26Z","related":["CVE-2017-14461","CVE-2017-15130"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0160.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22673"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2018/03/01/2"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2018/03/01/3"}],"affected":[{"package":{"name":"dovecot","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/dovecot?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.34-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0160.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}