CLD-305 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
dovecot |
| Deficiency Type |
SECURITY |
| Date Created |
2018-02-28 16:25:23 |
| Date Last Modified |
2018-02-28 17:15:54 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in dovecot-2.2.34-i686-1 |
| Cucumber 1.0 x86_64 | fixed in dovecot-2.2.34-x86_64-1 |
| Cucumber 1.1 i686 |
fixed in dovecot-2.2.34-i686-1 |
| Cucumber 1.1 x86_64 |
fixed in dovecot-2.2.34-x86_64-1 |
Details:
From https://dovecot.org/list/dovecot-news/2018-February/000370.html:
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted. This happens only if Dovecot config has
local_name { } or local { } configuration blocks and attacker uses
randomly generated SNI servernames.