
Important vulnerability discovered in cyrus-imapd for openSUSE Leap 16.0

opensuse
June 15, 2026
Security update for openSUSE addresses two issues in cyrus-imapd, ensuring safer operations and enhanced stability.
An update that solves 2 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for cyrus-imapd fixes the following issues:

Changes in cyrus-imapd:

- cyrus-imapd doesn't start because of missing "Requires=var-run.mount" from systemd (bsc#1251788)
  Remove var-run.mount from Requires and After
- update to version 3.8.6 (bugfix release)
  VUL-0: CVE-2025-49812: cyrus-imapd: Opossum Attack Application Layer Desynchronization using Opportunistic TLS (bsc#1246165)
  The industry is deprecating STARTTLS (aka opportunistic TLS) in favor of implicit TLS over a dedicated port. STARTTLS is now disabled by default.
  * Fixed issue #5477: master: tighten up pidfile/etc handling (bsc#1241543)
    VUL-0: cyrus-imapd: privilege drop happens too late, opening attack vectors from cyrus to root
  * Fixed issue #5450: fix zoneinfo_db code for GCC 15 (thanks Yadd)
  * Fixed issue #5309: deadlock on shutdown (thanks Mark Cammidge)
  * Fixed issue #5424: recognise service-specific SASL options in ``cyr_info conf-lint``
  * Fixed issue #5420: fix double-free in...


Patch

Package List

- openSUSE Leap 16.0:
  cyradm-3.8.6-bp160.1.1
  cyrus-imapd-3.8.6-bp160.1.1
  cyrus-imapd-devel-3.8.6-bp160.1.1
  cyrus-imapd-snmp-3.8.6-bp160.1.1
  cyrus-imapd-snmp-mibs-3.8.6-bp160.1.1
  cyrus-imapd-utils-3.8.6-bp160.1.1
  libcyrus0-3.8.6-bp160.1.1
  perl-Cyrus-Annotator-3.8.6-bp160.1.1
  perl-Cyrus-IMAP-3.8.6-bp160.1.1
  perl-Cyrus-SIEVE-managesieve-3.8.6-bp160.1.1

References

* bsc#1241536
* bsc#1241543
* bsc#1246165
* bsc#1251788
* https://www.suse.com/security/cve/CVE-2025-23394.html
* https://www.suse.com/security/cve/CVE-2025-49812.html

Severity: important

Announcement ID: openSUSE-SU-2026:20962-1
Rating: important
Affected Products: openSUSE Leap 16.0
