ALAS-2014-386


Amazon Linux 1 Security Advisory: ALAS-2014-386
Advisory Release Date: 2014-07-23 14:09 Pacific
Advisory Updated Date: 2014-09-19 11:39 Pacific
Severity: Medium

Issue Overview:

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.


Affected Packages:

dovecot


Issue Correction:
Run yum update dovecot to update your system.

New Packages:
i686:
    dovecot-pigeonhole-2.0.9-7.14.amzn1.i686
    dovecot-devel-2.0.9-7.14.amzn1.i686
    dovecot-debuginfo-2.0.9-7.14.amzn1.i686
    dovecot-2.0.9-7.14.amzn1.i686
    dovecot-mysql-2.0.9-7.14.amzn1.i686
    dovecot-pgsql-2.0.9-7.14.amzn1.i686

src:
    dovecot-2.0.9-7.14.amzn1.src

x86_64:
    dovecot-debuginfo-2.0.9-7.14.amzn1.x86_64
    dovecot-pigeonhole-2.0.9-7.14.amzn1.x86_64
    dovecot-devel-2.0.9-7.14.amzn1.x86_64
    dovecot-pgsql-2.0.9-7.14.amzn1.x86_64
    dovecot-mysql-2.0.9-7.14.amzn1.x86_64
    dovecot-2.0.9-7.14.amzn1.x86_64