Your submission was sent successfully! Close

USN-3258-1: Dovecot vulnerability

10 April 2017

Dovecot could be made to crash if it received specially crafted input.

Releases

Packages

  • dovecot - IMAP and POP3 email server

Details

It was discovered that Dovecot incorrectly handled some usernames. An attacker
could possibly use this issue to cause Dovecot to hang or crash, resulting in a
denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References

Related notices

  • USN-3258-2: dovecot-managesieved, dovecot-dev, dovecot-lmtpd, dovecot-imapd, dovecot-pop3d, dovecot-sqlite, dovecot-gssapi, dovecot-sieve, dovecot-ldap, dovecot-mysql, dovecot-pgsql, mail-stack-delivery, dovecot-core, dovecot, dovecot-solr, dovecot-lucene