SUSE Linux Enterprise 11-SP4: Important cyrus-imapd SSL Fix Update

suse

June 1, 2016

An update that solves four vulnerabilities and has one An update that solves four vulnerabilities and has one An update that solves four vulnerabilities and has one errata is now a...

Summary

This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include "tls_versions: tls1_0 tls1_1 tls1_2". New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748)

Topics Covered

security advisory cyrus-imapd integer overflow important update SSL issues SUSE Linux Enterprise execution attack

References

#860611 #901748 #954200 #954201 #981670

Cross- CVE-2014-3566 CVE-2015-8076 CVE-2015-8077

CVE-2015-8078

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2014-3566.html

https://www.suse.com/security/cve/CVE-2015-8076.html

https://www.suse.com/security/cve/CVE-2015-8077.html

https://www.suse.com/security/cve/CVE-2015-8078.html

https://bugzilla.suse.com/860611

https://bugzilla.suse.com/901748

https://bugzilla.suse.com/954200

https://bugzilla.suse.com/954201

https://bugzilla.suse.com/981670

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2016:1459-1

Rating: important

Topics Covered

security advisory cyrus-imapd integer overflow important update SSL issues SUSE Linux Enterprise execution attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux Enterprise 11-SP4: Important cyrus-imapd SSL Fix Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE Linux Enterprise 11-SP4: Important cyrus-imapd SSL Fix Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!