Debian: DSA-4590-1: cyrus-imapd security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4590-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
December 19, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cyrus-imapd
CVE ID         : CVE-2019-19783

It was discovered that the lmtpd component of the Cyrus IMAP server
created mailboxes with administrator privileges if the "fileinto" was
used, bypassing ACL checks.

For the oldstable distribution (stretch), this problem has been fixed
in version 2.5.10-3+deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 3.0.8-6+deb10u3.

We recommend that you upgrade your cyrus-imapd packages.

For the detailed security status of cyrus-imapd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cyrus-imapd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Debian: DSA-4590-1: cyrus-imapd security update

December 19, 2019
It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks

Summary

It was discovered that the lmtpd component of the Cyrus IMAP server
created mailboxes with administrator privileges if the "fileinto" was
used, bypassing ACL checks.

For the oldstable distribution (stretch), this problem has been fixed
in version 2.5.10-3+deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 3.0.8-6+deb10u3.

We recommend that you upgrade your cyrus-imapd packages.

For the detailed security status of cyrus-imapd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cyrus-imapd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Severity
Package : cyrus-imapd
CVE ID : CVE-2019-19783

Related News

Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393

5 Best free to use Linux Server distributions for 2023

Use Cockpit for Linux Remote Server Administration

Cisco ClamAV Anti-Malware Scanner Vulnerable to Serious Security Flaw

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy