Advisories ยป MGASA-2020-0010

Updated cyrus-imapd packages fix security vulnerability

Publication date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19783

Description

Updated cyrus-imapd packages fix security vulnerability:

It was discovered that the lmtpd component of the Cyrus IMAP server
created mailboxes with administrator privileges if the "fileinto" was
used, bypassing ACL checks (CVE-2019-19783).
                

References

SRPMS

7/core