Packages
- cyrus-imapd - An IMAP server
Details
It was discovered that non-authentication-related HTTP requests could be
interpreted in an authentication context by a Cyrus IMAP Server when
multiple requests arrived over the same connection. An unauthenticated
attacker could possibly use this issue to perform a privilege escalation
attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-18928)
Matthew Horsfall discovered that Cyrus IMAP Server utilized a poor string
hashing algorithm that could be abused to control where data was being
stored. An attacker could possibly use this issue to perform a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-33582)
Damian Poddebniak discovered that Cyrus IMAP Server could interpret
specially crafted commands to exploit a memory issue. An authenticated
attacker could possibly use this issue to perform a denial...
It was discovered that non-authentication-related HTTP requests could be
interpreted in an authentication context by a Cyrus IMAP Server when
multiple requests arrived over the same connection. An unauthenticated
attacker could possibly use this issue to perform a privilege escalation
attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-18928)
Matthew Horsfall discovered that Cyrus IMAP Server utilized a poor string
hashing algorithm that could be abused to control where data was being
stored. An attacker could possibly use this issue to perform a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-33582)
Damian Poddebniak discovered that Cyrus IMAP Server could interpret
specially crafted commands to exploit a memory issue. An authenticated
attacker could possibly use this issue to perform a denial of service.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-34055)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
24.04 noble | cyrus-admin – 3.8.2-1ubuntu0.1~esm1 | ||
cyrus-caldav – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-clients – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-common – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-dev – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-imapd – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-murder – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-nntpd – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-pop3d – 3.8.2-1ubuntu0.1~esm1 | |||
cyrus-replication – 3.8.2-1ubuntu0.1~esm1 | |||
libcyrus-imap-perl – 3.8.2-1ubuntu0.1~esm1 | |||
22.04 jammy | cyrus-admin – 3.4.3-3ubuntu0.1+esm1 | ||
cyrus-caldav – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-clients – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-common – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-dev – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-imapd – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-murder – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-nntpd – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-pop3d – 3.4.3-3ubuntu0.1+esm1 | |||
cyrus-replication – 3.4.3-3ubuntu0.1+esm1 | |||
libcyrus-imap-perl – 3.4.3-3ubuntu0.1+esm1 | |||
20.04 focal | cyrus-caldav – 3.0.13-5ubuntu0.1~esm1 | ||
cyrus-clients – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-common – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-dev – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-imapd – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-murder – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-nntpd – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-pop3d – 3.0.13-5ubuntu0.1~esm1 | |||
cyrus-replication – 3.0.13-5ubuntu0.1~esm1 | |||
libcyrus-imap-perl – 3.0.13-5ubuntu0.1~esm1 | |||
18.04 bionic | cyrus-caldav – 2.5.10-3ubuntu1.1+esm1 | ||
cyrus-clients – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-common – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-dev – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-imapd – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-murder – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-nntpd – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-pop3d – 2.5.10-3ubuntu1.1+esm1 | |||
cyrus-replication – 2.5.10-3ubuntu1.1+esm1 | |||
libcyrus-imap-perl – 2.5.10-3ubuntu1.1+esm1 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.