Description
Dovecot has been updated to version 2.2.34 to fix two security issues.
CVE-2017-14461:
This vulnerability comes in two flavors. A malicious party can send a
specially crafted email to a vulnerable system, causing it to crash
dovecot. In some systems, the mail can be stored into the mail system,
causing crash every time it is being opened.
CVE-2017-15130:
If dovecot has been configured with local name or local net
configuration blocks, SNI lookups can be used to trash memory with
useless config by using random servernames.