-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:113 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : dovecot Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time (CVE-2014-3430). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430 http://advisories.mageia.org/MGASA-2014-0223.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 1eb6e9066872c78e1755c1971036fc16 mbs2/x86_64/dovecot-2.2.6-3.1.mbs2.x86_64.rpm 656bf9481ba301e634d6a726f794dda5 mbs2/x86_64/dovecot-devel-2.2.6-3.1.mbs2.x86_64.rpm 25eba263e3a69fe651c0ed6337949830 mbs2/x86_64/dovecot-pigeonhole-2.2.6-3.1.mbs2.x86_64.rpm 67c9662509cf9fa64d129d846c06627a mbs2/x86_64/dovecot-pigeonhole-devel-2.2.6-3.1.mbs2.x86_64.rpm 11c9627af2b38d1935527942a3e66870 mbs2/x86_64/dovecot-plugins-gssapi-2.2.6-3.1.mbs2.x86_64.rpm dfc56f23f07520c804b8af8688abdbbc mbs2/x86_64/dovecot-plugins-ldap-2.2.6-3.1.mbs2.x86_64.rpm 3ce270a44b749aef02b65b717518e93b mbs2/x86_64/dovecot-plugins-mysql-2.2.6-3.1.mbs2.x86_64.rpm 3610ca4c251604b05101401712af1694 mbs2/x86_64/dovecot-plugins-pgsql-2.2.6-3.1.mbs2.x86_64.rpm 9abe3f4567e180fcd9cbeaf0af8ea4e5 mbs2/x86_64/dovecot-plugins-sqlite-2.2.6-3.1.mbs2.x86_64.rpm 7d92ecbc2cb08e9591cd9b1be0326f49 mbs2/SRPMS/dovecot-2.2.6-3.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF7SMmqjQ0CJFipgRAjUSAKCNzqOuQliJVc1nKiBdZhCBK+iFIQCdFtV9 NspHCwRPAGwc9Te32AbCpxA= =DyJk -----END PGP SIGNATURE-----