CVE-2014-3430

Publication date 13 May 2014

Last updated 24 July 2024

Ubuntu priority

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dovecot	14.04 LTS trusty	Fixed 1:2.2.9-1ubuntu2.1
	13.10 saucy	Fixed 1:2.1.7-7ubuntu3.1
	12.10 quantal	Fixed 1:2.1.7-1ubuntu2.1
	12.04 LTS precise	Fixed 1:2.0.19-0ubuntu2.1
	10.04 LTS lucid	Fixed 1:1.2.9-1ubuntu6.6

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
dovecot	Upstream: http://hg.dovecot.org/dovecot-2.2/rev/41622541a7a3 Upstream: http://hg.dovecot.org/dovecot-2.1/rev/b7ac23b4d339 Upstream: http://hg.dovecot.org/dovecot-2.0/rev/48f90e7e92dc Upstream: http://hg.dovecot.org/dovecot-1.2/rev/8ba4253adc9b

References

Related Ubuntu Security Notices (USN)

USN-2213-1
Dovecot vulnerability
15 May 2014

CVE-2014-3430

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references