2019-11-23
ALT-BU-2019-4081-1
Branch p8 update bulletin.
Package cyrus-imapd updated to version 2.5.14-alt0.M80P.1 for branch p8 in task 240906.
Closed vulnerabilities
Published: 2019-11-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update
- [debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update
- FEDORA-2019-03be160f9c
- FEDORA-2019-03be160f9c
- FEDORA-2019-393e1cef4d
- FEDORA-2019-393e1cef4d
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html