{"id":"MGASA-2014-0223","summary":"Updated dovecot packages fix security vulnerability","details":"Updated dovecot packages fix security vulnerability.\n\nDovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login\nprocesses. If SSL/TLS handshake was started but wasn't finished, the login\nprocess attempted to eventually forcibly disconnect the client, but failed\nto do it correctly. This could have left the connections hanging around for\na long time (CVE-2014-3430).\n","modified":"2026-04-16T06:24:36.893011483Z","published":"2014-05-17T00:38:24Z","upstream":["CVE-2014-3430"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0223.html"},{"type":"WEB","url":"http://permalink.gmane.org/gmane.mail.imap.dovecot/77499"},{"type":"WEB","url":"http://www.dovecot.org/list/dovecot-news/2014-May/000273.html"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/05/09/8"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13355"}],"affected":[{"package":{"name":"dovecot","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/dovecot?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.15-2.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0223.json"}},{"package":{"name":"dovecot","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/dovecot?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.6-2.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0223.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}