Package cyrus-imapd updated to version 2.4.18-alt1.M70P.1 for branch p7 in task 155557.

Published: 2015-12-03

BDU:2016-00363

Уязвимость почтового сервера Cyrus IMAP и операционных систем openSUSE и OpenSUSE Leap, позволяющая нарушителю нарушить целостность и доступность защищаемой информации

Severity: HIGH (7.5)

References:

Published: 2015-12-03

BDU:2016-00364

Severity: MEDIUM (5.8)

References:

Published: 2015-12-03
Modified: 2024-11-21

CVE-2015-8077

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Severity: HIGH (7.5)

References:

Published: 2015-12-03
Modified: 2024-11-21

CVE-2015-8078

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

Severity: HIGH (7.5)

References:

Version: 2.1.0

Package cyrus-imapd update in p7 on 2016-01-07

ALT-PU-2016-1010-1

Closed vulnerabilities

BDU:2016-00363

BDU:2016-00364

CVE-2015-8077

CVE-2015-8078