Fedora 29: cyrus-imapd Security Update

    Date 07 Jun 2019
    728
    Posted By LinuxSecurity Advisories
    Update to version 3.0.10, which fixes a security issue (a buffer overrun vulnerability in the httpd daemon, CVE-2019-11356).
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-f0435555ac
    2019-06-07 16:33:27.581165
    --------------------------------------------------------------------------------
    
    Name        : cyrus-imapd
    Product     : Fedora 29
    Version     : 3.0.10
    Release     : 1.fc29
    URL         : https://www.cyrusimap.org/
    Summary     : A high-performance email, contacts and calendar server
    Description :
    The Cyrus IMAP (Internet Message Access Protocol) server provides access to
    personal mail, system-wide bulletin boards, news-feeds, calendar and contacts
    through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP
    server is a scalable enterprise groupware system designed for use from small to
    large enterprise environments using technologies based on well-established Open
    Standards.
    
    A full Cyrus IMAP implementation allows a seamless mail and bulletin board
    environment to be set up across one or more nodes. It differs from other IMAP
    server implementations in that it is run on sealed nodes, where users are not
    normally permitted to log in. The mailbox database is stored in parts of the
    filesystem that are private to the Cyrus IMAP system. All user access to mail
    is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV
    and/or CardDAV protocols.
    
    The private mailbox database design gives the Cyrus IMAP server large
    advantages in efficiency, scalability, and administratability. Multiple
    concurrent read/write connections to the same mailbox are permitted. The server
    supports access control lists on mailboxes and storage quotas on mailbox
    hierarchies.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to version 3.0.10, which fixes a security issue (a buffer overrun
    vulnerability in the httpd daemon, CVE-2019-11356).
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue May 28 2019 Jason L Tibbitts III  - 3.0.10-1
    - Update to 3.0.10.
    - Drop upstreamed patch.
    * Tue Jan 15 2019 Jason L Tibbitts III  - 3.0.8-3
    - Add patch to allow a rebuild against the updated ClamAV.
    * Sun Oct 28 2018 Nils Philippsen  - 3.0.8-2
    - remove jmap from list of httpmodules
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1714064 - cyrus-imapd-3.0.10 is available
            https://bugzilla.redhat.com/show_bug.cgi?id=1714064
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-f0435555ac' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"14","type":"x","order":"1","pct":60.87,"resources":[]},{"id":"121","title":"No ","votes":"9","type":"x","order":"2","pct":39.13,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.