{"id":"MGASA-2018-0114","summary":"Updated dovecot packages fix security vulnerability","details":"A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL\nauthentication results in a memory leak in dovecot's auth client used by\nlogin processes. The leak has impact in high performance configuration\nwhere same login processes are reused and can cause the process to crash\ndue to memory exhaustion. (CVE-2017-15132).\n","modified":"2026-04-16T06:24:39.514308426Z","published":"2018-02-06T06:25:44Z","upstream":["CVE-2017-15132"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0114.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22468"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2018/01/25/4"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2018/01/31/1"}],"affected":[{"package":{"name":"dovecot","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/dovecot?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.13-5.6.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0114.json"}},{"package":{"name":"dovecot","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/dovecot?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.29.1-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0114.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}