Updated cyrus-imapd packages fix security vulnerability
Publication date: 05 Jan 2020Modification date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19783
Description
Updated cyrus-imapd packages fix security vulnerability:
It was discovered that the lmtpd component of the Cyrus IMAP server
created mailboxes with administrator privileges if the "fileinto" was
used, bypassing ACL checks (CVE-2019-19783).
References
- https://bugs.mageia.org/show_bug.cgi?id=25913
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.12.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/
- https://www.debian.org/security/2019/dsa-4590
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19783
SRPMS
7/core
- cyrus-imapd-2.5.15-1.mga7