Security update for dovecot22 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1125-1 Final 1 1 2018-05-02T08:29:46Z current 2018-05-02T08:29:46Z 2018-05-02T08:29:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dovecot22 This update for dovecot22 fixes the following issues: - CVE-2017-14461: dovecot22: rfc822_parse_domain (bsc#1082826) Information Leak Vulnerability The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SDK-12-SP3-2018-773,SUSE-SLE-SERVER-12-SP3-2018-773 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181125-1/ Link for SUSE-SU-2018:1125-1 https://lists.suse.com/pipermail/sle-security-updates/2018-May/003969.html E-Mail link for SUSE-SU-2018:1125-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1082826 SUSE Bug 1082826 https://www.suse.com/security/cve/CVE-2017-14461/ SUSE CVE CVE-2017-14461 page SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 dovecot22-devel-2.2.31-19.8.1 dovecot22-2.2.31-19.8.1 dovecot22-backend-mysql-2.2.31-19.8.1 dovecot22-backend-pgsql-2.2.31-19.8.1 dovecot22-backend-sqlite-2.2.31-19.8.1 dovecot22-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server 12 SP3 dovecot22-backend-mysql-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server 12 SP3 dovecot22-backend-pgsql-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server 12 SP3 dovecot22-backend-sqlite-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server 12 SP3 dovecot22-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 dovecot22-backend-mysql-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 dovecot22-backend-pgsql-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 dovecot22-backend-sqlite-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 dovecot22-devel-2.2.31-19.8.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. CVE-2017-14461 SUSE Linux Enterprise Server 12 SP3:dovecot22-2.2.31-19.8.1 SUSE Linux Enterprise Server 12 SP3:dovecot22-backend-mysql-2.2.31-19.8.1 SUSE Linux Enterprise Server 12 SP3:dovecot22-backend-pgsql-2.2.31-19.8.1 SUSE Linux Enterprise Server 12 SP3:dovecot22-backend-sqlite-2.2.31-19.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dovecot22-2.2.31-19.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dovecot22-backend-mysql-2.2.31-19.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dovecot22-backend-pgsql-2.2.31-19.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:dovecot22-backend-sqlite-2.2.31-19.8.1 SUSE Linux Enterprise Software Development Kit 12 SP3:dovecot22-devel-2.2.31-19.8.1 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181125-1/ https://www.suse.com/security/cve/CVE-2017-14461.html CVE-2017-14461 https://bugzilla.suse.com/1082826 SUSE Bug 1082826