openSUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0492-1 Rating: moderate References: #1075608 Cross-References: CVE-2017-15132 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes one issue. This security issue was fixed: - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-189=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): dovecot22-2.2.31-2.3.1 dovecot22-backend-mysql-2.2.31-2.3.1 dovecot22-backend-mysql-debuginfo-2.2.31-2.3.1 dovecot22-backend-pgsql-2.2.31-2.3.1 dovecot22-backend-pgsql-debuginfo-2.2.31-2.3.1 dovecot22-backend-sqlite-2.2.31-2.3.1 dovecot22-backend-sqlite-debuginfo-2.2.31-2.3.1 dovecot22-debuginfo-2.2.31-2.3.1 dovecot22-debugsource-2.2.31-2.3.1 dovecot22-devel-2.2.31-2.3.1 dovecot22-fts-2.2.31-2.3.1 dovecot22-fts-debuginfo-2.2.31-2.3.1 dovecot22-fts-lucene-2.2.31-2.3.1 dovecot22-fts-lucene-debuginfo-2.2.31-2.3.1 dovecot22-fts-solr-2.2.31-2.3.1 dovecot22-fts-solr-debuginfo-2.2.31-2.3.1 dovecot22-fts-squat-2.2.31-2.3.1 dovecot22-fts-squat-debuginfo-2.2.31-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-15132.html https://bugzilla.suse.com/1075608