- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                GLSA 202208-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: isync: Multiple Vulnerabilities
      Date: August 10, 2022
      Bugs: #771738, #794772, #826902
        ID: 202208-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in isync, the worst of
which could result in arbitrary code execution.

Background
==========

isync is an IMAP and MailDir mailbox synchronizer.

Affected packages
=================

    Package           Vulnerable    Unaffected
    ----------------  ------------  ------------
  1 net-mail/isync    < 1.4.4       >= 1.4.4

Description
===========

Multiple vulnerabilities have been discovered in isync. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All isync users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-mail/isync-1.4.4"

References
==========

[ 1 ] CVE-2021-3578
      https://nvd.nist.gov/vuln/detail/CVE-2021-3578
[ 2 ] CVE-2021-3657
      https://nvd.nist.gov/vuln/detail/CVE-2021-3657
[ 3 ] CVE-2021-20247
      https://nvd.nist.gov/vuln/detail/CVE-2021-20247
[ 4 ] CVE-2021-44143
      https://nvd.nist.gov/vuln/detail/CVE-2021-44143

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3066-1
-------------------------------------------------------------------------

Several security vulnerabilities have been discovered in isync, an IMAP
and MailDir mailbox synchronizer. A malicious attacker who can control an
IMAP server may exploit these flaws for remote code execution.
Arch Linux Security Advisory ASA-202112-5
=========================================

Severity: Medium
Date    : 2021-12-03
CVE-ID  : CVE-2021-3657 CVE-2021-44143
Package : isync
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2579

Summary
=======

The package isync before version 1.4.4-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 1.4.4-1.

# pacman -Syu "isync>=1.4.4-1"

The problems have been fixed upstream in version 1.4.4.

Workaround
==========

None.

Description
===========

- CVE-2021-3657 (arbitrary code execution)

A security issue was found in mbsync in isync versions before 1.4.4. Due
to inadequate handling of extremely large (>=2GiB) IMAP literals,
malicious or compromised IMAP servers, and hypothetically even external
email senders, could cause several different buffer overflows, which
could conceivably be exploited for remote code execution.

- CVE-2021-44143 (arbitrary code execution)

A security issue was found in mbsync in isync 1.4.0 before version 1.4.4.
Due to an unchecked condition, a malicious or compromised IMAP server
could use a crafted mail message that lacks headers (i.e., one that
starts with an empty line) to provoke a heap overflow, which could
conceivably be exploited for remote code execution.

Impact
======

A remote attacker could execute arbitrary code on the mbsync client
through crafted email messages.

References
==========

https://www.openwall.com/lists/oss-security/2021/12/03/1
https://www.openwall.com/lists/oss-security/2021/12/03/1/1
https://www.openwall.com/lists/oss-security/2021/12/03/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804
https://www.openwall.com/lists/oss-security/2021/12/03/2/1
https://security.archlinux.org/CVE-2021-3657
https://security.archlinux.org/CVE-2021-44143
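The CVE-2021-3657 entry above describes the failure mode in one sentence: a literal count of 2 GiB or more from the server ends up in length arithmetic that was never designed for it. The following C code is an added illustration of that bug class and of the check that closes it; it is not isync's code and does not reproduce mbsync's actual parser. The 64 MiB `MAX_LITERAL_SIZE` is an assumed policy limit (the advisory only says that >=2 GiB literals broke the original code), and the `{N}` sample prefixes are constructed, not captured from a server.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy: the largest single literal this client will buffer.
 * A real client would pick a limit that fits its memory budget. */
#define MAX_LITERAL_SIZE ((size_t)64 * 1024 * 1024)   /* 64 MiB */

/* The bug class behind CVE-2021-3657, in miniature: the literal count is
 * parsed and then stored in a signed 32-bit int. "{2147483648}" (2 GiB)
 * no longer fits, so the value that reaches later buffer arithmetic is
 * not the one the server announced (on common 64-bit two's-complement
 * ABIs it becomes negative). Shown here only as the "before" pattern. */
int naive_literal_size(const char *s)
{
    long n = strtol(s + 1, NULL, 10);   /* skips '{', stops at '}' */
    return (int)n;                      /* truncation: 2^31 does not fit in int */
}

/* Hardened parser for an IMAP literal prefix "{N}" or "{N+}" (LITERAL+).
 * Accepts only a non-empty run of ASCII digits; rejects a sign, arithmetic
 * overflow and any count above MAX_LITERAL_SIZE. On success stores the
 * count in *size and, if rest is non-NULL, a pointer just past '}'. */
bool parse_literal_size(const char *s, size_t *size, const char **rest)
{
    if (s == NULL || s[0] != '{')
        return false;
    const char *p = s + 1;
    if (*p < '0' || *p > '9')           /* rejects "{}", "{-1}", "{+5}" */
        return false;
    uint64_t n = 0;
    for (; *p >= '0' && *p <= '9'; p++) {
        unsigned d = (unsigned)(*p - '0');
        if (n > (UINT64_MAX - d) / 10)  /* n * 10 + d would wrap */
            return false;
        n = n * 10 + d;
        if (n > MAX_LITERAL_SIZE)       /* policy limit, checked per digit */
            return false;
    }
    if (*p == '+')                      /* non-synchronizing literal */
        p++;
    if (*p != '}')
        return false;
    *size = (size_t)n;
    if (rest)
        *rest = p + 1;
    return true;
}

/* Allocate the receive buffer for a literal. The limit check has already
 * run, so "*size + 1" (room for a terminating NUL) cannot overflow. */
char *alloc_literal_buffer(const char *prefix, size_t *size)
{
    if (!parse_literal_size(prefix, size, NULL))
        return NULL;
    return malloc(*size + 1);
}

int main(void)
{
    /* Constructed sample prefixes, including the >=2 GiB case from the advisory. */
    const char *samples[] = { "{12}", "{0+}", "{2147483648}", "{4294967296}",
                              "{-1}", "{99999999999999999999999}", "{12" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n;
        if (parse_literal_size(samples[i], &n, NULL))
            printf("%-28s accept, %zu bytes\n", samples[i], n);
        else
            printf("%-28s reject\n", samples[i]);
    }
    printf("naive int parse of {2147483648}: %d\n", naive_literal_size("{2147483648}"));
    return 0;
}
```

The point of checking the limit on every digit rather than once at the end is that the count never reaches a size where the multiply can wrap, so the parser stays correct even if `MAX_LITERAL_SIZE` is later raised.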
openSUSE Security Update: Security update for isync
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1185-1
Rating:             moderate
References:         #1186939
Cross-References:   CVE-2021-3578
Affected Products:
                    openSUSE Backports SLE-15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for isync fixes the following issues:

   Update to version 1.3.6

   * This is a security release that fixes CVE-2021-3578.

   This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP2:

      zypper in -t patch openSUSE-2021-1185=1

Package List:

   - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

      isync-1.3.6-bp152.4.6.1

References:

   https://www.suse.com/security/cve/CVE-2021-3578.html
   https://bugzilla.suse.com/1186939
openSUSE Security Update: Security update for isync
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1170-1
Rating:             moderate
References:         #1186939
Cross-References:   CVE-2021-3578
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for isync fixes the following issues:

   Update to version 1.3.6

   * This is a security release that fixes CVE-2021-3578.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-1170=1

Package List:

   - openSUSE Leap 15.2 (x86_64):

      isync-1.3.6-lp152.4.6.1
      isync-debuginfo-1.3.6-lp152.4.6.1
      isync-debugsource-1.3.6-lp152.4.6.1

References:

   https://www.suse.com/security/cve/CVE-2021-3578.html
   https://bugzilla.suse.com/1186939
openSUSE Security Update: Security update for isync
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0533-1
Rating:             important
References:         #1182488
Cross-References:   CVE-2021-20247
CVSS scores:
                    CVE-2021-20247 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
                    openSUSE Backports SLE-15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for isync fixes the following issues:

   - isync was updated to version 1.3.5
   - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB
     (boo#1182488)

   This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP2:

      zypper in -t patch openSUSE-2021-533=1

Package List:

   - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

      isync-1.3.5-bp152.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-20247.html
   https://bugzilla.suse.com/1182488
openSUSE Security Update: Security update for isync
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0516-1
Rating:             important
References:         #1182488
Cross-References:   CVE-2021-20247
CVSS scores:
                    CVE-2021-20247 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for isync fixes the following issues:

   - isync was updated to version 1.3.5
   - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB
     (boo#1182488)

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-516=1

Package List:

   - openSUSE Leap 15.2 (x86_64):

      isync-1.3.5-lp152.4.3.1
      isync-debuginfo-1.3.5-lp152.4.3.1
      isync-debugsource-1.3.5-lp152.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-20247.html
   https://bugzilla.suse.com/1182488
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ef8c2acfce
2021-03-04 20:06:38.965342
--------------------------------------------------------------------------------

Name        : isync
Product     : Fedora 33
Version     : 1.4.1
Release     : 1.fc33
URL         : https://isync.sourceforge.io/
Summary     : Tool to synchronize IMAP4 and Maildir mailboxes
Description :
mbsync is a command line application which synchronizes mailboxes. Currently
Maildir and IMAP4 mailboxes are supported. New messages, message deletions and
flag changes can be propagated both ways. mbsync is suitable for use in
IMAP-disconnected mode.
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release 1.4.1 (#1931574)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 22 2021 Fabian Affolter - 1.4.1-1
- Update to latest upstream release 1.4.1 (#1931574)
- Fix CVE-2021-20247 (#1931597, #1931598)
* Thu Feb  4 2021 Fabian Affolter - 1.4.0-1
- Update to latest upstream release 1.4.0 (#1924724)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1931574 - isync-1.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1931574
  [ 2 ] Bug #1931597 - CVE-2021-20247 isync: isync/mbsync: mailbox names
        returned by IMAP LIST/LSUB not validated [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1931597
  [ 3 ] Bug #1931598 - CVE-2021-20247 isync: isync/mbsync: mailbox names
        returned by IMAP LIST/LSUB not validated [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1931598
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ef8c2acfce' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
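The openSUSE and Fedora advisories above both describe CVE-2021-20247 as mailbox names from IMAP LIST/LSUB not being validated before use, and the fix as rejecting "funny" names. The C code below is an added example of the kind of validation a synchronizer needs before it turns a server-supplied name into a local Maildir path; it is not isync's code and does not reproduce the upstream fix. The rules (non-empty components, no "." or "..", no local path separators, no control characters) and the mapping of the server's hierarchy delimiter to '/' are assumptions for the example, and the sample names are constructed to look like a hostile LIST response, not captured from a real server.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Accept a mailbox name from an IMAP LIST/LSUB response only if every
 * hierarchy component is a plain, non-empty name: no "." or "..", no
 * embedded '/' or '\\' (path separators on the local side), no control
 * characters. `delim` is the hierarchy delimiter the server announced. */
bool mailbox_name_is_safe(const char *name, char delim)
{
    if (name == NULL || *name == '\0')
        return false;
    const char *comp = name;                /* start of the current component */
    for (const char *p = name; ; p++) {
        unsigned char c = (unsigned char)*p;
        if (c != '\0' && c != (unsigned char)delim) {
            if (c < 0x20 || c == 0x7f)      /* CR, LF and other control bytes */
                return false;
            if (c == '/' || c == '\\')      /* would act as a path separator locally */
                return false;
            continue;
        }
        size_t len = (size_t)(p - comp);
        if (len == 0)                       /* leading, trailing or doubled delimiter */
            return false;
        if (len <= 2 && comp[0] == '.' && (len == 1 || comp[1] == '.'))
            return false;                   /* "." or ".." component */
        if (c == '\0')
            return true;                    /* last component checked */
        comp = p + 1;
    }
}

/* Build "<store>/<name>" with the server delimiter rewritten to '/'.
 * Returns false if the name is unsafe or the result does not fit in out. */
bool mailbox_to_path(const char *store, const char *name, char delim,
                     char *out, size_t outlen)
{
    if (!mailbox_name_is_safe(name, delim))
        return false;
    int n = snprintf(out, outlen, "%s/%s", store, name);
    if (n < 0 || (size_t)n >= outlen)
        return false;
    for (char *p = out + strlen(store) + 1; *p; p++)   /* only touch the name part */
        if (*p == delim)
            *p = '/';
    return true;
}

/* Constructed sample: names as a malicious server might list them. */
static const char *const SAMPLE_NAMES[] = {
    "INBOX", "INBOX.Work", "../../.ssh", "INBOX./etc/passwd",
    "Archive.2021", "INBOX..Hidden", "Sent\r\nLIST", ".", "",
};
#define SAMPLE_COUNT (sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0])

/* How many of the sample names pass validation for a given delimiter. */
size_t count_safe_names(char delim)
{
    size_t ok = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        if (mailbox_name_is_safe(SAMPLE_NAMES[i], delim))
            ok++;
    return ok;
}

int main(void)
{
    char path[128];
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        if (mailbox_to_path("/home/user/Mail", SAMPLE_NAMES[i], '.', path, sizeof path))
            printf("accept %-20s -> %s\n", SAMPLE_NAMES[i], path);
        else
            printf("reject %s\n", SAMPLE_NAMES[i]);
    }
    return 0;
}
```

Validating per component, rather than searching the whole string for "..", is what makes the check robust across delimiters: with a '.' delimiter the name "INBOX..Hidden" is rejected because it contains an empty component, while with a '/' delimiter the same string is a single, harmless component.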