Debian Security Advisory
DSA-2954-1 dovecot -- security update
- Date Reported:
- 09 Jun 2014
- Affected Packages:
- dovecot
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 747549.
In Mitre's CVE dictionary: CVE-2014-3430. - More information:
-
It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections.
For the stable distribution (wheezy), this problem has been fixed in version 1:2.1.7-7+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 1:2.2.13~rc1-1.
For the unstable distribution (sid), this problem has been fixed in version 1:2.2.13~rc1-1.
We recommend that you upgrade your dovecot packages.