Ubuntu 16.04 LTS / 16.10 : dovecot regression (USN-3258-2)
High Nessus Plugin ID 99303
Synopsis
The remote Ubuntu host is missing a security-related patch.
Description
USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the 'dict' authentication database. This update reverts the change. We apologize for the inconvenience.
It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected dovecot-core package.