==========================================================================
Ubuntu Security Notice USN-3556-1
February 01, 2018

dovecot vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Dovecot could be made to crash if it received specially crafted input.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

It was discovered that Dovecot incorrectly handled certain
authentications. An attacker could possibly use this to cause a denial
of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  dovecot-core                    1:2.2.27-3ubuntu1.2

Ubuntu 16.04 LTS:
  dovecot-core                    1:2.2.22-1ubuntu2.6

Ubuntu 14.04 LTS:
  dovecot-core                    1:2.2.9-1ubuntu2.3

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3556-1
  CVE-2017-15132

Package Information:
  https://launchpad.net/ubuntu/+source/dovecot/1:2.2.27-3ubuntu1.2
  https://launchpad.net/ubuntu/+source/dovecot/1:2.2.22-1ubuntu2.6
  https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJac3XIAAoJEEW851uECx9psE4P/jRan7QV1CY2yLaPdtwO0iX8
1xB3G6KKtRBJvaGpW3kmeVBjZ4vJv2EYQIo0LoB1v+zvFF31oMfa5N18ZuQVqzJj
frSO89KUyQOrOSaj6pDahmEH7kOeg3G6LI69T5SQ9JIiNyBE3xy4qCRAVa4GOr0G
qXMYhB1CqGXjfBCRFsUeGd/l0Uviox8PoY+Fd+N3cuypB66hPdLQ9xItNH7f1Ne4
LLCrlq1omXnXFIYMTjXLTNAJz71o2opCEs7jc8fw7wnp3wp0ju2c90MhouEy3Bkl
UdbHb7+QylWZVd4C0pHOoD4C5U5+zBU/BX3seMfZTYhXKYTPwgIWbu20tq0+GNrt
pX0UpoPrCTCKDs5w4bN0PbWnZmJI1dhTOXA+UZV2PTh/5s8V7OfYtzH9upbm5Dxl
KDy6j+5QnrtwME0CvZRe2b+NVwL0B3S0w6Vyz6FBAuESMiE/zY88JxFZ9dy5rU0Y
AJWtvsdSJWIrjq8X2nvKmtYpqy+3QBzvEqlCbPu/mWo8+XLlBgwp3Q2egXM0AuM/
OQS4kGCB47/oZF/RSFUWA25Xmsj1wqMVEvyZuYVYJ/1gsQrlTJzFurdxgR0ya8CA
iTCEKK7ssq5jIJriuiteiXMO/nuBSG7DlZ2DYL+HNOgC8CGyqd09E5FPSo6eIE69
7c0My2TFdRqosNAC4yLL
=yM5E
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3556-2
February 01, 2018

dovecot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Dovecot.

Software Description:
– dovecot: IMAP and POP3 email server

Details:

USN-3556-1 fixed vulnerabilities in Dovecot. This update
provides the corresponding update for Ubuntu 12.04 ESM.

It was discovered that Dovecot incorrectly handled certain
authentications. An attacker could possibly use this to bypass
authentication and access sensitive information. (CVE-2013-6171)

Original advisory details:

 It was discovered that Dovecot incorrectly handled certain
authentications.
 An attacker could possibly use this to cause a denial of service.
(CVE-2017-15132)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  dovecot-core                    1:2.0.19-0ubuntu2.4

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3556-2
  https://www.ubuntu.com/usn/usn-3556-1
  CVE-2013-6171, CVE-2017-15132
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJac3xWAAoJEEW851uECx9pwbcP+wbQQuo0jANXf7WYMoUFOa+W
gcGE4rJ6Jk24tSLwNBbyCcfgdDEEEsamypgM1Af4yCTa/DNpEupnLOTXcKBoAA4w
t5EHicAU+RarghjwoFYP04TNPIhl4Jxb40DZcdvXjtQ6YRuJqLyI7RzpzGPzCqtR
BndhwseDwRsZdbUgv5NvpSCj1BEnGDyvnDqkW4lDP22XYrDbNZLcG9qV+j0IFOBt
Y1hopxoQwdEDo8E+NTgjLuV1Hzc8f0rNO4O+hLcoGNIKh6oDpbyFPE3XVIBAs75a
BTOMCpBb783aENxkvxtzJGxzTyhzCF4chdfTRt+BodZR7A3bJlU3JEUrgx+fCAsH
au8MLN5mO4XWjmn5WnMkmcxsJA6EroZrGCXKlGZ4xHH22FO+W/J5smMRwtAsd3uF
KUsqOk6+usBRvEvMk4c0K7eBWxF2sKk8tVw0/xi5LCRWi5xB96TiZpZmHEPU0rrr
iNw86+8uJIrhTlGtbENccLDRqjw2otEcVVK5eXIgdnNbeTJy2df2xqw5dEQDtbvH
KcG4RhISZlmqm80sabLOORNWbo4RpSgp6xNmq5VzS+PQ17xHPO2q4/0L33L72lKU
Dvors4Rbf2CzPgeJ6+0BqLEdLM0ub89wV/vqx1UmEYqafnMuRZ7Rlx8vukGlpRZs
FvH6MOi2weS0zg3Li+mK
=RNqp
—–END PGP SIGNATURE—–
—