Security update for dovecot22 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2642-1 Final 1 1 2018-09-06T17:41:07Z current 2018-09-06T17:41:07Z 2018-09-06T17:41:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dovecot22 This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00012.html E-Mail link for openSUSE-SU-2018:2642-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dovecot22-2.2.31-2.9.1 dovecot22-backend-mysql-2.2.31-2.9.1 dovecot22-backend-pgsql-2.2.31-2.9.1 dovecot22-backend-sqlite-2.2.31-2.9.1 dovecot22-devel-2.2.31-2.9.1 dovecot22-fts-2.2.31-2.9.1 dovecot22-fts-lucene-2.2.31-2.9.1 dovecot22-fts-solr-2.2.31-2.9.1 dovecot22-fts-squat-2.2.31-2.9.1 dovecot22-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-backend-mysql-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-backend-pgsql-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-backend-sqlite-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-devel-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-fts-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-fts-lucene-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-fts-solr-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 dovecot22-fts-squat-2.2.31-2.9.1 as a component of openSUSE Leap 42.3 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. CVE-2017-15130 openSUSE Leap 42.3:dovecot22-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-backend-mysql-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-backend-pgsql-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-backend-sqlite-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-devel-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-fts-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-fts-lucene-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-fts-solr-2.2.31-2.9.1 openSUSE Leap 42.3:dovecot22-fts-squat-2.2.31-2.9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00012.html https://www.suse.com/security/cve/CVE-2017-15130.html CVE-2017-15130 https://bugzilla.suse.com/1082828 SUSE Bug 1082828