Joined: 12 May 2004
|Posted: Tue Dec 09, 2014 1:26 am Post subject: [ GLSA 201412-03 ] Dovecot: Denial of Service
|Gentoo Linux Security Advisory
Title: Dovecot: Denial of Service (GLSA 201412-03)
Date: December 08, 2014
A vulnerability in Dovecot could allow a remote attacker to create
a Denial of Service condition.
Dovecot is an open source IMAP and POP3 email server.
Vulnerable: < 2.2.13
Unaffected: >= 2.2.13
Architectures: All supported architectures
Dovecot does not properly close connections, allowing a resource
exhaustion for incomplete SSL/TLS handshakes.
A remote attacker could possibly cause a Denial of Service condition.
There is no known workaround at this time.
All Dovecot users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.2.13"