Описание
ELSA-2020-4655: cyrus-imapd security update (MODERATE)
[3.0.7-19]
- change ownership of pki files (#1710722)
[3.0.7-18]
- Move old changelog into separate file (#1671239)
[3.0.7-17]
- Add fix for CVE-2019-19783
- Add fix for CVE-2019-18928
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
cyrus-imapd
3.0.7-19.el8
cyrus-imapd-utils
3.0.7-19.el8
cyrus-imapd-vzic
3.0.7-19.el8
Oracle Linux x86_64
cyrus-imapd
3.0.7-19.el8
cyrus-imapd-utils
3.0.7-19.el8
cyrus-imapd-vzic
3.0.7-19.el8
Связанные CVE
Связанные уязвимости
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege ...
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.