Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-3430

Published: 13 May 2014

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

Priority

Medium

Status

Package Release Status
dovecot
Launchpad, Ubuntu, Debian
upstream
Released (1:2.2.13~rc1-1)
lucid
Released (1:1.2.9-1ubuntu6.6)
precise
Released (1:2.0.19-0ubuntu2.1)
quantal
Released (1:2.1.7-1ubuntu2.1)
saucy
Released (1:2.1.7-7ubuntu3.1)
trusty
Released (1:2.2.9-1ubuntu2.1)
Patches:
upstream: http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3
upstream: http://hg.dovecot.org/dovecot-2.1/rev/b7ac23b4d339
upstream: http://hg.dovecot.org/dovecot-2.0/rev/48f90e7e92dc
upstream: http://hg.dovecot.org/dovecot-1.2/rev/8ba4253adc9b