Security update for dovecot22 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0492-1 Final 1 1 2018-02-20T12:29:33Z current 2018-02-20T12:29:33Z 2018-02-20T12:29:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dovecot22 This update for dovecot22 fixes one issue. This security issue was fixed: - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00076.html E-Mail link for openSUSE-SU-2018:0492-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dovecot22-2.2.31-2.3.1 dovecot22-backend-mysql-2.2.31-2.3.1 dovecot22-backend-pgsql-2.2.31-2.3.1 dovecot22-backend-sqlite-2.2.31-2.3.1 dovecot22-devel-2.2.31-2.3.1 dovecot22-fts-2.2.31-2.3.1 dovecot22-fts-lucene-2.2.31-2.3.1 dovecot22-fts-solr-2.2.31-2.3.1 dovecot22-fts-squat-2.2.31-2.3.1 dovecot22-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-backend-mysql-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-backend-pgsql-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-backend-sqlite-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-devel-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-fts-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-fts-lucene-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-fts-solr-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 dovecot22-fts-squat-2.2.31-2.3.1 as a component of openSUSE Leap 42.3 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. CVE-2017-15132 openSUSE Leap 42.3:dovecot22-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-backend-mysql-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-backend-pgsql-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-backend-sqlite-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-devel-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-fts-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-fts-lucene-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-fts-solr-2.2.31-2.3.1 openSUSE Leap 42.3:dovecot22-fts-squat-2.2.31-2.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00076.html https://www.suse.com/security/cve/CVE-2017-15132.html CVE-2017-15132 https://bugzilla.suse.com/1075608 SUSE Bug 1075608