Security update for dovecot22 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1134-1 Final 1 1 2018-05-03T05:22:44Z current 2018-05-03T05:22:44Z 2018-05-03T05:22:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dovecot22 This update for dovecot22 fixes the following issues: - CVE-2017-14461: dovecot22: rfc822_parse_domain Information Leak Vulnerability (bsc#1082826) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-05/msg00005.html E-Mail link for openSUSE-SU-2018:1134-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dovecot22-2.2.31-2.6.1 dovecot22-backend-mysql-2.2.31-2.6.1 dovecot22-backend-pgsql-2.2.31-2.6.1 dovecot22-backend-sqlite-2.2.31-2.6.1 dovecot22-devel-2.2.31-2.6.1 dovecot22-fts-2.2.31-2.6.1 dovecot22-fts-lucene-2.2.31-2.6.1 dovecot22-fts-solr-2.2.31-2.6.1 dovecot22-fts-squat-2.2.31-2.6.1 dovecot22-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-backend-mysql-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-backend-pgsql-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-backend-sqlite-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-devel-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-fts-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-fts-lucene-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-fts-solr-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 dovecot22-fts-squat-2.2.31-2.6.1 as a component of openSUSE Leap 42.3 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. CVE-2017-14461 openSUSE Leap 42.3:dovecot22-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-backend-mysql-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-backend-pgsql-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-backend-sqlite-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-devel-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-fts-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-fts-lucene-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-fts-solr-2.2.31-2.6.1 openSUSE Leap 42.3:dovecot22-fts-squat-2.2.31-2.6.1 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-05/msg00005.html https://www.suse.com/security/cve/CVE-2017-14461.html CVE-2017-14461 https://bugzilla.suse.com/1082826 SUSE Bug 1082826