Debian Security Advisory DSA 3828-1 (dovecot - security update)

It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the dict passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart).

dovecot on Debian Linux

This check tests the installed software version using the apt package manager.

For the stable distribution (jessie), this problem has been fixed in version 1:2.2.13-12~deb8u2. We recommend that you upgrade your dovecot packages.