Oval Definition:oval:com.redhat.rhsa:def:20140790
Revision Date:2014-06-25Version:637
Title:RHSA-2014:0790: dovecot security update (Moderate)
Description:Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

  • It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server to be made. (CVE-2014-3430)

    All dovecot users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the dovecot service will be restarted automatically.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2014-3430
    CVE-2014-3430
    RHSA-2014:0790
    RHSA-2014:0790-00
    RHSA-2014:0790-01
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • dovecot is earlier than 1:2.0.9-7.el6_5.1
  • AND dovecot is signed with Red Hat redhatrelease2 key
  • dovecot-devel is earlier than 1:2.0.9-7.el6_5.1
  • AND dovecot-devel is signed with Red Hat redhatrelease2 key
  • dovecot-mysql is earlier than 1:2.0.9-7.el6_5.1
  • AND dovecot-mysql is signed with Red Hat redhatrelease2 key
  • dovecot-pgsql is earlier than 1:2.0.9-7.el6_5.1
  • AND dovecot-pgsql is signed with Red Hat redhatrelease2 key
  • dovecot-pigeonhole is earlier than 1:2.0.9-7.el6_5.1
  • AND dovecot-pigeonhole is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • dovecot is earlier than 1:2.2.10-4.el7_0.1
  • AND dovecot is signed with Red Hat redhatrelease2 key
  • dovecot-mysql is earlier than 1:2.2.10-4.el7_0.1
  • AND dovecot-mysql is signed with Red Hat redhatrelease2 key
  • dovecot-pgsql is earlier than 1:2.2.10-4.el7_0.1
  • AND dovecot-pgsql is signed with Red Hat redhatrelease2 key
  • dovecot-pigeonhole is earlier than 1:2.2.10-4.el7_0.1
  • AND dovecot-pigeonhole is signed with Red Hat redhatrelease2 key
  • BACK