cyradm-2.4.18-3.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10015 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cyradm-2.4.18-3.4 on GA media These are all security issues fixed in the cyradm-2.4.18-3.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10015 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10015 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-3235/ SUSE CVE CVE-2009-3235 page https://www.suse.com/security/cve/CVE-2011-3372/ SUSE CVE CVE-2011-3372 page https://www.suse.com/security/cve/CVE-2015-8077/ SUSE CVE CVE-2015-8077 page https://www.suse.com/security/cve/CVE-2015-8078/ SUSE CVE CVE-2015-8078 page openSUSE Tumbleweed cyradm-2.4.18-3.4 cyrus-imapd-2.4.18-3.4 cyrus-imapd-devel-2.4.18-3.4 cyrus-imapd-snmp-2.4.18-3.4 cyrus-imapd-snmp-mibs-2.4.18-3.4 cyrus-imapd-utils-2.4.18-3.4 perl-Cyrus-IMAP-2.4.18-3.4 perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 cyradm-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-devel-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-snmp-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-snmp-mibs-2.4.18-3.4 as a component of openSUSE Tumbleweed cyrus-imapd-utils-2.4.18-3.4 as a component of openSUSE Tumbleweed perl-Cyrus-IMAP-2.4.18-3.4 as a component of openSUSE Tumbleweed perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 as a component of openSUSE Tumbleweed Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. CVE-2009-3235 openSUSE Tumbleweed:cyradm-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3235.html CVE-2009-3235 https://bugzilla.suse.com/539876 SUSE Bug 539876 https://bugzilla.suse.com/539877 SUSE Bug 539877 imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. CVE-2011-3372 openSUSE Tumbleweed:cyradm-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3372.html CVE-2011-3372 https://bugzilla.suse.com/719998 SUSE Bug 719998 Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. CVE-2015-8077 openSUSE Tumbleweed:cyradm-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8077.html CVE-2015-8077 https://bugzilla.suse.com/954200 SUSE Bug 954200 https://bugzilla.suse.com/954201 SUSE Bug 954201 https://bugzilla.suse.com/981670 SUSE Bug 981670 Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. CVE-2015-8078 openSUSE Tumbleweed:cyradm-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4 openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4 openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8078.html CVE-2015-8078 https://bugzilla.suse.com/954201 SUSE Bug 954201 https://bugzilla.suse.com/981670 SUSE Bug 981670