Explore top 10 tips to secure your open-source projects now. Read More
×
This update for cyrus-imapd fixes the following issues:
Changes in cyrus-imapd:
- Update to 3.8.7 (bugfix release)
- CVE-2026-47081: XAPPLEPUSHSERVICE folder existence oracle and push hijack (bsc#1271617)
- CVE-2026-47083: ESEARCH cross-user content oracle (bsc#1271619)
- CVE-2026-47082: Vacation "fcc" skips destination-mailbox ACL (bsc#1271618)
- CVE-2026-47084: LOCALDELETE bypassed ACL checks (bsc#1271620)
- CVE-2026-47085: URLAUTH token forgery via missing mboxkey (bsc#1271621)
- CVE-2026-47086: GENURLAUTH issued tokens bypassing ACLs (bsc#1271622)
- CVE-2026-47087: URLAUTH does not honor revoked authorizer access (bsc#1271623)
- CVE-2026-47088: Heap exposure in nested MIME comment parsing (bsc#1271624)
- CVE-2026-47089: LISTRIGHTS not limited to users with admin access (bsc#1271625)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the...
Read the Full Advisory- openSUSE Leap 16.0:
cyradm-3.8.7-bp160.1.1
cyrus-imapd-3.8.7-bp160.1.1
cyrus-imapd-devel-3.8.7-bp160.1.1
cyrus-imapd-snmp-3.8.7-bp160.1.1
cyrus-imapd-snmp-mibs-3.8.7-bp160.1.1
cyrus-imapd-utils-3.8.7-bp160.1.1
libcyrus0-3.8.7-bp160.1.1
perl-Cyrus-Annotator-3.8.7-bp160.1.1
perl-Cyrus-IMAP-3.8.7-bp160.1.1
perl-Cyrus-SIEVE-managesieve-3.8.7-bp160.1.1
* bsc#1271617
* bsc#1271618
* bsc#1271619
* bsc#1271620
* bsc#1271621
* bsc#1271622
* bsc#1271623
* bsc#1271624
* bsc#1271625
References:
* https://www.suse.com/security/cve/CVE-2026-47081.html
* https://www.suse.com/security/cve/CVE-2026-47082.html
* https://www.suse.com/security/cve/CVE-2026-47083.html
* https://www.suse.com/security/cve/CVE-2026-47084.html
* https://www.suse.com/security/cve/CVE-2026-47085.html
* https://www.suse.com/security/cve/CVE-2026-47086.html
* https://www.suse.com/security/cve/CVE-2026-47087.html
* https://www.suse.com/security/cve/CVE-2026-47088.html
* https://www.suse.com/security/cve/CVE-2026-47089.html
Get the latest Linux and open source security news straight to your inbox.