Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

openSUSE 16.0 cyrus-imapd Moderate Threats Update 2026-21368-1

opensuse
Calendar Grey July 18, 2026
Scroller Opensuse
An update for openSUSE for cyrus-imapd resolving 9 issues now available for installation via zypper or YaST methods.
An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.

Description

This update for cyrus-imapd fixes the following issues:

Changes in cyrus-imapd:

- Update to 3.8.7 (bugfix release)

- CVE-2026-47081: XAPPLEPUSHSERVICE folder existence oracle and push hijack (bsc#1271617)

- CVE-2026-47083: ESEARCH cross-user content oracle (bsc#1271619)

- CVE-2026-47082: Vacation "fcc" skips destination-mailbox ACL (bsc#1271618)

- CVE-2026-47084: LOCALDELETE bypassed ACL checks (bsc#1271620)

- CVE-2026-47085: URLAUTH token forgery via missing mboxkey (bsc#1271621)

- CVE-2026-47086: GENURLAUTH issued tokens bypassing ACLs (bsc#1271622)

- CVE-2026-47087: URLAUTH does not honor revoked authorizer access (bsc#1271623)

- CVE-2026-47088: Heap exposure in nested MIME comment parsing (bsc#1271624)

- CVE-2026-47089: LISTRIGHTS not limited to users with admin access (bsc#1271625)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

cyradm-3.8.7-bp160.1.1

cyrus-imapd-3.8.7-bp160.1.1

cyrus-imapd-devel-3.8.7-bp160.1.1

cyrus-imapd-snmp-3.8.7-bp160.1.1

cyrus-imapd-snmp-mibs-3.8.7-bp160.1.1

cyrus-imapd-utils-3.8.7-bp160.1.1

libcyrus0-3.8.7-bp160.1.1

perl-Cyrus-Annotator-3.8.7-bp160.1.1

perl-Cyrus-IMAP-3.8.7-bp160.1.1

perl-Cyrus-SIEVE-managesieve-3.8.7-bp160.1.1

References

* bsc#1271617

* bsc#1271618

* bsc#1271619

* bsc#1271620

* bsc#1271621

* bsc#1271622

* bsc#1271623

* bsc#1271624

* bsc#1271625

References:

* https://www.suse.com/security/cve/CVE-2026-47081.html

* https://www.suse.com/security/cve/CVE-2026-47082.html

* https://www.suse.com/security/cve/CVE-2026-47083.html

* https://www.suse.com/security/cve/CVE-2026-47084.html

* https://www.suse.com/security/cve/CVE-2026-47085.html

* https://www.suse.com/security/cve/CVE-2026-47086.html

* https://www.suse.com/security/cve/CVE-2026-47087.html

* https://www.suse.com/security/cve/CVE-2026-47088.html

* https://www.suse.com/security/cve/CVE-2026-47089.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21368-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.