ALT-BU-2019-3924-1
Branch p8 update bulletin.
Package cyrus-imapd updated to version 2.5.13-alt0.M80P.1 for branch p8 in task 236049.
Closed vulnerabilities
BDU:2019-02901
Уязвимость функции CalDAV серверного демона httpd из состава IMAP-сервера Cyrus, позволяющая нарушителю оказать воздействие на целостность данных, получить доступ к конфиденциальным данным, вызвать отказ в обслуживании, а также выполнить произвольный код
Modified: 2024-11-21
CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
- RHSA-2019:1771
- RHSA-2019:1771
- FEDORA-2019-309f559057
- FEDORA-2019-309f559057
- FEDORA-2019-f0435555ac
- FEDORA-2019-f0435555ac
- 20190609 [SECURITY] [DSA 4458-1] cyrus-imapd security update
- 20190609 [SECURITY] [DSA 4458-1] cyrus-imapd security update
- USN-4566-1
- USN-4566-1
- https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html
- DSA-4458
- DSA-4458
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-7186
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
- 97030
- 97030
- RHSA-2018:2486
- RHSA-2018:2486
- https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
- https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
- https://bugs.exim.org/show_bug.cgi?id=2052
- https://bugs.exim.org/show_bug.cgi?id=2052
- GLSA-201710-09
- GLSA-201710-09
- GLSA-201710-25
- GLSA-201710-25
- https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
- https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date
- https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
- https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date
- https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
- https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date
- https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
- https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date
Modified: 2024-11-21
CVE-2017-7244
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
Modified: 2024-11-21
CVE-2017-7245
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
- 97067
- 97067
- RHSA-2018:2486
- RHSA-2018:2486
- https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
- https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
- GLSA-201710-25
- GLSA-201710-25
Modified: 2024-11-21
CVE-2017-7246
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
- 97067
- 97067
- RHSA-2018:2486
- RHSA-2018:2486
- https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
- https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
- GLSA-201710-25
- GLSA-201710-25
Modified: 2024-11-21
CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
- 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
- 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
- 20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
- 20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
- https://bugs.gentoo.org/717920
- https://bugs.gentoo.org/717920
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT212147
- https://support.apple.com/kb/HT212147
- https://www.pcre.org/original/changelog.txt
- https://www.pcre.org/original/changelog.txt