Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: FEDORA-2024-f3e0255c75 High: Cyrus-IMAPd Memory Issue

fedora
Calendar Grey June 14, 2024
Dist Fedora Esm H88
Dovecot-IMAPd patch fixes CVE-2024-34056 with significant risk. Review the information to protect your infrastructure.
Security fix for CVE-2024-34055

Summary

The Cyrus IMAP (Internet Message Access Protocol) server provides access to

personal mail, system-wide bulletin boards, news-feeds, calendar and contacts

through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP

server is a scalable enterprise groupware system designed for use from small to

large enterprise environments using technologies based on well-established Open

Standards.

A full Cyrus IMAP implementation allows a seamless mail and bulletin board

environment to be set up across one or more nodes. It differs from other IMAP

server implementations in that it is run on sealed nodes, where users are not

normally permitted to log in. The mailbox database is stored in parts of the

filesystem that are private to the Cyrus IMAP system. All user access to mail

is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV

and/or CardDAV protocols.

The private mailbox database design gives the Cyrus IMAP server large

advantages in efficiency, scalability, and administratability. Multiple

concurrent read/write connections to the same mailbox are permitted. The server

supports access control lists on mailboxes and storage quotas on mailbox

hierarchies.

Update Information:

Security fix for CVE-2024-34055

Topics%20covered

Topics Covered

security advisory high severity Fedora cyrus-imapd memory allocation

Change Log

* Wed Jun 5 2024 Martin Osvald - 3.8.3-1 - Fix CVE-2024-34055 (rhbz#2290512) - Convert to %autorelease and %autochangelog

References


[ 1 ] Bug #2290510 - CVE-2024-34055 cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command https://bugzilla.redhat.com/show_bug.cgi?id=2290510

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f3e0255c75' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: cyrus-imapd
Product: Fedora 40
Version: 3.8.3
Release: 1.fc40
URL: http://www.cyrusimap.org/
Summary: A high-performance email, contacts and calendar server

Topics%20covered

Topics Covered

security advisory high severity Fedora cyrus-imapd memory allocation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here