Upstream information

CVE-2014-3430 at MITRE

Description

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

  • Base Score: 5
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

SUSE Bugzilla entry: 877255 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 12
  • dovecot22 >= 2.2.13-2.7
  • dovecot22-backend-mysql >= 2.2.13-2.7
  • dovecot22-backend-pgsql >= 2.2.13-2.7
  • dovecot22-backend-sqlite >= 2.2.13-2.7
Patchnames:
SUSE Linux Enterprise Server 12 GA dovecot22
SUSE Linux Enterprise Server 12 SP1
  • dovecot22 >= 2.2.13-2.7
  • dovecot22-backend-mysql >= 2.2.13-2.7
  • dovecot22-backend-pgsql >= 2.2.13-2.7
  • dovecot22-backend-sqlite >= 2.2.13-2.7
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA dovecot22
SUSE Linux Enterprise Server 12 SP2
  • dovecot22 >= 2.2.13-2.7
  • dovecot22-backend-mysql >= 2.2.13-2.7
  • dovecot22-backend-pgsql >= 2.2.13-2.7
  • dovecot22-backend-sqlite >= 2.2.13-2.7
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA dovecot22
SUSE Linux Enterprise Server 12 SP3
  • dovecot22 >= 2.2.30.2-14.2
  • dovecot22-backend-mysql >= 2.2.30.2-14.2
  • dovecot22-backend-pgsql >= 2.2.30.2-14.2
  • dovecot22-backend-sqlite >= 2.2.30.2-14.2
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA dovecot22
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • dovecot22 >= 2.2.13-2.3
  • dovecot22-backend-mysql >= 2.2.13-2.3
  • dovecot22-backend-pgsql >= 2.2.13-2.3
  • dovecot22-backend-sqlite >= 2.2.13-2.3
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA dovecot22
SUSE Linux Enterprise Software Development Kit 12
  • dovecot22-devel >= 2.2.13-2.7
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA dovecot22-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • dovecot22-devel >= 2.2.13-2.7
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA dovecot22-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • dovecot22-devel >= 2.2.13-2.7
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA dovecot22-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • dovecot22-devel >= 2.2.30.2-14.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA dovecot22-devel
openSUSE Tumbleweed
  • dovecot22 >= 2.2.27-1.1
  • dovecot22-backend-mysql >= 2.2.27-1.1
  • dovecot22-backend-pgsql >= 2.2.27-1.1
  • dovecot22-backend-sqlite >= 2.2.27-1.1
  • dovecot22-devel >= 2.2.27-1.1
  • dovecot22-fts >= 2.2.27-1.1
  • dovecot22-fts-lucene >= 2.2.27-1.1
  • dovecot22-fts-solr >= 2.2.27-1.1
  • dovecot22-fts-squat >= 2.2.27-1.1
Patchnames:
openSUSE Tumbleweed GA dovecot22