Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Ubuntu 22.04 LTS USN-7224-1 critical: cyrus-imapd denial of service

ubuntu
Calendar Grey January 23, 2025
Dist Ubuntu Esm H88
Cyrus IMAP Server resolves critical vulnerabilities in Ubuntu versions 18.04 to 24.04 LTS. Ensure your systems are updated.
Several security issues were fixed in Cyrus IMAP Server.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Cyrus IMAP Server. Software Description: - cyrus-imapd: An IMAP server Details: It was discovered that non-authentication-related HTTP requests could be interpreted in an authentication context by a Cyrus IMAP Server when multiple requests arrived over the same connection. An unauthenticated attacker could possibly use this issue to perform a privilege escalation attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-18928) Matthew Horsfall discovered that Cyrus IMAP Server utilized a poor string hashing algorithm that could be abused to control where data was being stored. An attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-33582) Damian Poddebniak disco...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation cyrus-imapd ubuntu

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS cyrus-admin 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-caldav 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-clients 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-common 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-dev 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-imapd 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-murder 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-nntpd 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-pop3d 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-replication 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro libcyrus-imap-perl 3.8.2-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS cyrus-admin 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-caldav 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-clients 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-common 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-dev 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-imapd 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-murder 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-nntpd 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-pop3d 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro cyrus-replication 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro libcyrus-imap-perl 3.4.3-3ubuntu0.1+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS cyrus-caldav 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-clients 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-common 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-dev 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-imapd 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-murder 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-nntpd 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-pop3d 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro cyrus-replication 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro libcyrus-imap-perl 3.0.13-5ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS cyrus-caldav 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-clients 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-common 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-dev 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-imapd 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-murder 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-nntpd 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-pop3d 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro cyrus-replication 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro libcyrus-imap-perl 2.5.10-3ubuntu1.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7224-1

CVE-2019-18928, CVE-2021-33582, CVE-2024-34055

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7224-1

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation cyrus-imapd ubuntu

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here