Lucene search
AlmaLinuxALSA-2020:4655HistoryNov 03, 2020 - 12:24 p.m.
Moderate: cyrus-imapd security update
2020-11-0312:24:17
errata.almalinux.org
12
cyrus-imapd
security update
privilege escalation
mail server
imap
pop3
nntp
sieve support
cve-2019-18928
cve-2019-19783
http request
lmtpd component
mailboxes
administrator privileges
acl checks
cvss score
almalinux release notes
EPSS
0.002
Percentile
58.6%
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.
Security Fix(es):
-
cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)
-
cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the “fileinto” was used, bypassing ACL checks (CVE-2019-19783)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | i686 | cyrus-imapd | < 3.0.7-19.el8 | cyrus-imapd-3.0.7-19.el8.i686.rpm |
| almalinux | 8 | x86_64 | cyrus-imapd | < 3.0.7-19.el8 | cyrus-imapd-3.0.7-19.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | cyrus-imapd-utils | < 3.0.7-19.el8 | cyrus-imapd-utils-3.0.7-19.el8.x86_64.rpm |
| almalinux | 8 | x86_64 | cyrus-imapd-vzic | < 3.0.7-19.el8 | cyrus-imapd-vzic-3.0.7-19.el8.x86_64.rpm |
Related
nessus
nessus
CentOS 8 : cyrus-imapd (CESA-2020:4655)
2021-02-01 00:00:00
RHEL 8 : cyrus-imapd (RHSA-2020:4655)
2020-11-04 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: cyrus-imapd-3.0.13-1.fc31
2020-01-05 00:42:32
[SECURITY] Fedora 30 Update: cyrus-imapd-3.0.13-1.fc30
2020-01-04 22:16:34
[SECURITY] Fedora 30 Update: cyrus-imapd-3.0.12-1.fc30
2019-12-05 01:12:37
openvas
openvas
Fedora Update for cyrus-imapd FEDORA-2019-7938c21723
2020-01-08 00:00:00
Fedora Update for cyrus-imapd FEDORA-2019-ad23a4522d
2020-01-09 00:00:00
Cyrus IMAP 2.5.x < 2.5.15, 3.0.x < 3.0.13 ACL Bypass Vulnerability
2019-12-18 00:00:00
oraclelinux
oraclelinux
cyrus-imapd security update
2020-11-10 00:00:00
redhat
redhat
(RHSA-2020:4655) Moderate: cyrus-imapd security update
2020-11-03 12:24:17
prion
prion
Design/Logic Flaw
2019-12-16 14:15:00
Privilege escalation
2019-11-15 04:15:00
debiancve
debiancve
CVE-2019-19783
2019-12-16 14:15:12
CVE-2019-18928
2019-11-15 04:15:10
cve
cve
CVE-2019-19783
2019-12-16 14:15:12
CVE-2019-18928
2019-11-15 04:15:10
debian
debian
[SECURITY] [DSA 4590-1] cyrus-imapd security update
2019-12-19 22:54:18
[SECURITY] [DLA 3052-1] cyrus-imapd security update
2022-06-19 22:39:52
osv
osv
CVE-2019-19783
2019-12-16 14:15:12
cyrus-imapd - security update
2019-12-19 00:00:00
CVE-2019-18928
2019-11-15 04:15:10
cvelist
cvelist
CVE-2019-18928
2019-11-15 03:45:16
CVE-2019-19783
2019-12-16 13:06:54
altlinux
altlinux
Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.12-alt1
2019-11-20 00:00:00
Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.13-alt1
2020-01-10 00:00:00
veracode
veracode
Privilege Escalation
2020-11-05 03:10:36
Privilege Escalation
2020-11-05 03:10:39
ubuntucve
ubuntucve
CVE-2019-18928
2019-11-15 00:00:00
CVE-2019-19783
2019-12-16 00:00:00
mageia
mageia
Updated cyrus-imapd packages fix security vulnerability
2020-01-05 18:37:51
nvd
nvd
CVE-2019-19783
2019-12-16 14:15:12
CVE-2019-18928
2019-11-15 04:15:10
redhatcve
redhatcve
CVE-2019-19783
2019-12-27 18:08:53
CVE-2019-18928
2019-11-21 14:43:43
gentoo
gentoo
Cyrus IMAP Server: Access restriction bypass
2020-06-15 00:00:00
ubuntu
ubuntu
Cyrus IMAP Server vulnerabilities
2020-10-05 00:00:00