--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f3e0255c75
2024-06-14 01:44:09.031956
--------------------------------------------------------------------------------

Name        : cyrus-imapd
Product     : Fedora 40
Version     : 3.8.3
Release     : 1.fc40
URL         : http://www.cyrusimap.org/
Summary     : A high-performance email, contacts and calendar server
Description :
The Cyrus IMAP (Internet Message Access Protocol) server provides access to
personal mail, system-wide bulletin boards, news-feeds, calendar and contacts
through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP
server is a scalable enterprise groupware system designed for use from small to
large enterprise environments using technologies based on well-established Open
Standards.

A full Cyrus IMAP implementation allows a seamless mail and bulletin board
environment to be set up across one or more nodes. It differs from other IMAP
server implementations in that it is run on sealed nodes, where users are not
normally permitted to log in. The mailbox database is stored in parts of the
filesystem that are private to the Cyrus IMAP system. All user access to mail
is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV
and/or CardDAV protocols.

The private mailbox database design gives the Cyrus IMAP server large
advantages in efficiency, scalability, and administratability. Multiple
concurrent read/write connections to the same mailbox are permitted. The server
supports access control lists on mailboxes and storage quotas on mailbox
hierarchies.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-34055
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun  5 2024 Martin Osvald  - 3.8.3-1
- Fix CVE-2024-34055 (rhbz#2290512)
- Convert to %autorelease and %autochangelog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2290510 - CVE-2024-34055 cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command
        https://bugzilla.redhat.com/show_bug.cgi?id=2290510
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f3e0255c75' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 40: cyrus-imapd 2024-f3e0255c75 Security Advisory Updates

June 14, 2024
Security fix for CVE-2024-34055

Summary

The Cyrus IMAP (Internet Message Access Protocol) server provides access to

personal mail, system-wide bulletin boards, news-feeds, calendar and contacts

through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP

server is a scalable enterprise groupware system designed for use from small to

large enterprise environments using technologies based on well-established Open

Standards.

A full Cyrus IMAP implementation allows a seamless mail and bulletin board

environment to be set up across one or more nodes. It differs from other IMAP

server implementations in that it is run on sealed nodes, where users are not

normally permitted to log in. The mailbox database is stored in parts of the

filesystem that are private to the Cyrus IMAP system. All user access to mail

is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV

and/or CardDAV protocols.

The private mailbox database design gives the Cyrus IMAP server large

advantages in efficiency, scalability, and administratability. Multiple

concurrent read/write connections to the same mailbox are permitted. The server

supports access control lists on mailboxes and storage quotas on mailbox

hierarchies.

Update Information:

Security fix for CVE-2024-34055

Change Log

* Wed Jun 5 2024 Martin Osvald - 3.8.3-1 - Fix CVE-2024-34055 (rhbz#2290512) - Convert to %autorelease and %autochangelog

References

[ 1 ] Bug #2290510 - CVE-2024-34055 cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command https://bugzilla.redhat.com/show_bug.cgi?id=2290510

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f3e0255c75' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : cyrus-imapd
Product : Fedora 40
Version : 3.8.3
Release : 1.fc40
URL : http://www.cyrusimap.org/
Summary : A high-performance email, contacts and calendar server

Related News

1.Penguin Landscape Esm H170
2 - 4 min read
As digital privacy and security evolves, anonymity cannot be overemphasized. Tails is a live operating system designed to keep its focus on privacy
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2) impacting versions
24.Key Code Esm H170
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware
30.Lock Globe Motherboard Esm H170
3 - 5 min read
An update to OpenSSH , an open-source implementation of the Secure Shell (SSH) protocol, will introduce options to penalize unwanted behavior and

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved