security update for cyrus-imapd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2130-1 Final 1 1 2015-11-27T12:56:58Z current 2015-11-27T12:56:58Z 2015-11-27T12:56:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z security update for cyrus-imapd The cyrus-imapd package was updated to fix two security issues. - CVE-2015-8077: Integer overflow in range checks (bnc#954200) - CVE-2015-8078: Integer overflow in index_urlfetch (bnc#954201) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html E-Mail link for openSUSE-SU-2015:2130-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 cyradm-2.4.18-3.1 cyrus-imapd-2.4.18-3.1 cyrus-imapd-devel-2.4.18-3.1 cyrus-imapd-snmp-2.4.18-3.1 cyrus-imapd-snmp-mibs-2.4.18-3.1 cyrus-imapd-utils-2.4.18-3.1 perl-Cyrus-IMAP-2.4.18-3.1 perl-Cyrus-SIEVE-managesieve-2.4.18-3.1 cyradm-2.4.18-3.1 as a component of openSUSE Leap 42.1 cyrus-imapd-2.4.18-3.1 as a component of openSUSE Leap 42.1 cyrus-imapd-devel-2.4.18-3.1 as a component of openSUSE Leap 42.1 cyrus-imapd-snmp-2.4.18-3.1 as a component of openSUSE Leap 42.1 cyrus-imapd-snmp-mibs-2.4.18-3.1 as a component of openSUSE Leap 42.1 cyrus-imapd-utils-2.4.18-3.1 as a component of openSUSE Leap 42.1 perl-Cyrus-IMAP-2.4.18-3.1 as a component of openSUSE Leap 42.1 perl-Cyrus-SIEVE-managesieve-2.4.18-3.1 as a component of openSUSE Leap 42.1 Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. CVE-2015-8077 openSUSE Leap 42.1:cyradm-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-devel-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-snmp-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-snmp-mibs-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-utils-2.4.18-3.1 openSUSE Leap 42.1:perl-Cyrus-IMAP-2.4.18-3.1 openSUSE Leap 42.1:perl-Cyrus-SIEVE-managesieve-2.4.18-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html https://www.suse.com/security/cve/CVE-2015-8077.html CVE-2015-8077 https://bugzilla.suse.com/954200 SUSE Bug 954200 https://bugzilla.suse.com/954201 SUSE Bug 954201 https://bugzilla.suse.com/981670 SUSE Bug 981670 Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. CVE-2015-8078 openSUSE Leap 42.1:cyradm-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-devel-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-snmp-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-snmp-mibs-2.4.18-3.1 openSUSE Leap 42.1:cyrus-imapd-utils-2.4.18-3.1 openSUSE Leap 42.1:perl-Cyrus-IMAP-2.4.18-3.1 openSUSE Leap 42.1:perl-Cyrus-SIEVE-managesieve-2.4.18-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html https://www.suse.com/security/cve/CVE-2015-8078.html CVE-2015-8078 https://bugzilla.suse.com/954201 SUSE Bug 954201 https://bugzilla.suse.com/981670 SUSE Bug 981670