Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 1 Mar 2018 08:52:26 +0200 (EET)
From: Aki Tuomi <>
Subject: Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups
 are inefficient and can be used for DoS

Vulnerable versions: 2.2.0 - 2.2.33, 2.3.0
Fixed versions: 2.2.34,
Score: 3.7, AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

If dovecot has been configured with local name or local net
configuration blocks, SNI lookups can be used to trash memory with
useless config by using random servernames.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ