Ubuntu 22.04 LTS USN-7224-1 critical: cyrus-imapd denial of service

ubuntu
January 23, 2025
This update fixes critical vulnerabilities in Cyrus IMAP Server on Ubuntu versions 18.04 to 24.04 LTS. Ensure your systems are updated.

Summary

Several security issues were fixed in Cyrus IMAP Server.

Software Description:

- cyrus-imapd: An IMAP server

Details:

It was discovered that non-authentication-related HTTP requests could be
interpreted in an authentication context by a Cyrus IMAP Server when
multiple requests arrived over the same connection. An unauthenticated
attacker could possibly use this issue to perform a privilege escalation
attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-18928)

Matthew Horsfall discovered that Cyrus IMAP Server utilized a poor string
hashing algorithm that could be abused to control where data was being
stored. An attacker could possibly use this issue to perform a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-33582)

Damian Poddebniak discovered that Cyrus IMAP Server could interpret
specially crafted commands to exploit a memory issue. An authenticated
attacker could possibly use this issue to perform ...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  cyrus-admin 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-caldav 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-clients 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-common 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-dev 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-imapd 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-murder 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-nntpd 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-pop3d 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-replication 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
  libcyrus-imap-perl 3.8.2-1ubuntu0.1~esm1 (Available with Ubuntu Pro)

Ubuntu 22.04 LTS
  cyrus-admin 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-caldav 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-clients 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-common 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-dev 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-imapd 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-murder 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-nntpd 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-pop3d 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  cyrus-replication 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)
  libcyrus-imap-perl 3.4.3-3ubuntu0.1+esm1 (Available with Ubuntu Pro)

Ubuntu 20.04 LTS
  cyrus-caldav 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-clients 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-common 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-dev 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-imapd 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-murder 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-nntpd 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-pop3d 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  cyrus-replication 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)
  libcyrus-imap-perl 3.0.13-5ubuntu0.1~esm1 (Available with Ubuntu Pro)

Ubuntu 18.04 LTS
  cyrus-caldav 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-clients 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-common 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-dev 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-imapd 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-murder 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-nntpd 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-pop3d 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  cyrus-replication 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)
  libcyrus-imap-perl 2.5.10-3ubuntu1.1+esm1 (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.
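
To confirm a host is at or above the fixed versions listed above, compare version strings by Debian ordering rather than as plain text: the `~esm1` and `+esm1` suffixes sort in opposite directions. The following is an added example, not part of the advisory; the function names are illustrative, and it checks version ordering only.

```python
import string

# Fixed versions from USN-7224-1; every cyrus package in a release shares one.
FIXED = {
    "24.04": "3.8.2-1ubuntu0.1~esm1",
    "22.04": "3.4.3-3ubuntu0.1+esm1",
    "20.04": "3.0.13-5ubuntu0.1~esm1",
    "18.04": "2.5.10-3ubuntu1.1+esm1",
}

def _order(c):
    """Sort weight of a character: '~' < end/digit < letters < other symbols."""
    if c == "~":
        return -1
    if c == "" or c in string.digits:
        return 0
    return ord(c) if c in string.ascii_letters else ord(c) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string with Debian's ordering rules."""
    while a or b:
        # Non-digit run: character by character, using the weights above.
        while (a and a[0] not in string.digits) or (b and b[0] not in string.digits):
            diff = _order(a[:1]) - _order(b[:1])
            if diff:
                return diff
            a, b = a[1:], b[1:]
        # Digit run: numeric comparison (so 13 > 9, unlike a string compare).
        na = len(a) - len(a.lstrip(string.digits))
        nb = len(b) - len(b.lstrip(string.digits))
        x, y = int(a[:na] or 0), int(b[:nb] or 0)
        if x != y:
            return x - y
        a, b = a[na:], b[nb:]
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision] into (int epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(a, b):
    """Return <0, 0 or >0 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def at_or_above_fix(release, installed):
    """True if the installed version sorts at or after the USN's fixed version."""
    return compare(installed, FIXED[release]) >= 0
```

The installed version to pass in can be read with `dpkg-query -W -f='${Version}' cyrus-imapd` on the host.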

References

https://ubuntu.com/security/notices/USN-7224-1

CVE-2019-18928, CVE-2021-33582, CVE-2024-34055

Severity
critical

Ubuntu Security Notice USN-7224-1
