CLD-305 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-15130 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) dovecot
Deficiency Type SECURITY
Date Created 2018-02-28 16:25:23
Date Last Modified 2018-02-28 17:15:54

Version Specific Information:

Cucumber 1.0 i686 fixed in dovecot-2.2.34-i686-1
Cucumber 1.0 x86_64 fixed in dovecot-2.2.34-x86_64-1

Cucumber 1.1 i686 fixed in dovecot-2.2.34-i686-1
Cucumber 1.1 x86_64 fixed in dovecot-2.2.34-x86_64-1

Details:

From https://dovecot.org/list/dovecot-news/2018-February/000370.html:
 * CVE-2017-15130: TLS SNI config lookups may lead to excessive
   memory usage, causing imap-login/pop3-login VSZ limit to be reached
   and the process restarted. This happens only if Dovecot config has
   local_name { } or local { } configuration blocks and attacker uses
   randomly generated SNI servernames.