https://bugzilla....">Security update for cyrus-imapd (important) - vulnerability database | Vulners.comhttps://bugzilla....">https://bugzilla....">https://bugzilla....">
Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2016:1457-1
HistoryMay 31, 2016 - 10:07 p.m.

Security update for cyrus-imapd (important)

2016-05-3122:07:35
lists.opensuse.org
6

0.975 High

EPSS

Percentile

100.0%

JSON

  • Previous versions of cyrus-imapd would not allow its users to disable
    old protocols like SSLv1 and SSLv2 that are unsafe due to various known
    attacks like BEAST and POODLE.
    <a href=“https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867”>https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867</a> remedies this issue
    by adding the configuration option ‘tls_versions’ to the imapd.conf
    file. Note that users who upgrade existing installation of this package
    will not have their imapd.conf file overwritten, i.e. their IMAP
    server will continue to support SSLv1 and SSLv2 like before. To disable
    support for those protocols, it’s necessary to edit imapd.conf manually
    to state "tls_versions: tls1_0 tls1_1 tls1_2". New installations,
    however, will have an imapd.conf file that contains these settings
    already, i.e. newly installed IMAP servers do not support SSLv1 and
    SSLv2 unless that support is explicitly enabled by the user. (bsc#901748)

    • An integer overflow vulnerability in cyrus-imapd’s urlfetch range
      checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078,
      bsc#981670, bsc#954200, bsc#954201)

    • Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to
      cyrus-imapd. (bsc#860611)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server12.1x86_64perl-cyrus-sieve-managesieve< 2.3.18-37.1perl-Cyrus-SIEVE-managesieve-2.3.18-37.1.x86_64.rpm
SUSE Linux Enterprise Server12s390xcyrus-imapd-debuginfo< 2.3.18-37.1cyrus-imapd-debuginfo-2.3.18-37.1.s390x.rpm
SUSE Linux Enterprise Server12x86_64perl-cyrus-sieve-managesieve< 2.3.18-37.1perl-Cyrus-SIEVE-managesieve-2.3.18-37.1.x86_64.rpm
SUSE Linux Enterprise Server12ppc64leperl-cyrus-imap-debuginfo< 2.3.18-37.1perl-Cyrus-IMAP-debuginfo-2.3.18-37.1.ppc64le.rpm
SUSE Linux Enterprise Server12ppc64lecyrus-imapd-debugsource< 2.3.18-37.1cyrus-imapd-debugsource-2.3.18-37.1.ppc64le.rpm
SUSE Linux Enterprise Server12.1x86_64perl-cyrus-imap-debuginfo< 2.3.18-37.1perl-Cyrus-IMAP-debuginfo-2.3.18-37.1.x86_64.rpm
SUSE Linux Enterprise Server12s390xperl-cyrus-imap-debuginfo< 2.3.18-37.1perl-Cyrus-IMAP-debuginfo-2.3.18-37.1.s390x.rpm
SUSE Linux Enterprise Server12.1ppc64leperl-cyrus-sieve-managesieve-debuginfo< 2.3.18-37.1perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1.ppc64le.rpm
SUSE Linux Enterprise Server12.1x86_64perl-cyrus-sieve-managesieve-debuginfo< 2.3.18-37.1perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1.x86_64.rpm
SUSE Linux Enterprise Server12.1s390xperl-cyrus-sieve-managesieve< 2.3.18-37.1perl-Cyrus-SIEVE-managesieve-2.3.18-37.1.s390x.rpm
Rows per page:
1-10 of 361

Related

suse 2
openvas 17
nessus 45
prion 4
altlinux 3
freebsd 1
cvelist 4
ubuntucve 3
cve 3
mageia 1
seebug 2
fedora 20
ibm 77
redhat 2
centos 1
cisco 1
veracode 1
osv 2
hackerone 2
f5 1
cert 1
amazon 1
citrix 1
checkpoint_security 1
securityvulns 2
debian 1
suse
suse
Security update for cyrus-imapd (important)
2016-06-01 12:07:51
Security update for suseRegister (important)
2015-01-05 21:04:43
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1457-1)
2021-04-19 00:00:00
SUSE: Security Advisory for cyrus-imapd (SUSE-SU-2016:1457-1)
2016-06-03 00:00:00
Mageia: Security Advisory (MGASA-2016-0045)
2016-02-08 00:00:00
nessus
nessus
SUSE SLES12 Security Update : cyrus-imapd (SUSE-SU-2016:1457-1) (POODLE)
2016-06-17 00:00:00
FreeBSD : cyrus-imapd -- integer overflow in the start_octet addition (d62ec98e-97d8-11e5-8c0e-080027b00c2e)
2015-12-02 00:00:00
openSUSE Security Update : cyrus-imapd (openSUSE-2015-828)
2015-11-30 00:00:00
prion
prion
Integer overflow
2015-12-03 20:59:00
Integer overflow
2015-12-03 20:59:00
Heap overflow
2015-12-03 20:59:00
altlinux
altlinux
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.7-alt1
2015-12-11 00:00:00
Security fix for the ALT Linux 7 package cyrus-imapd version 2.4.18-alt1.M70P.1
2016-01-07 00:00:00
Security fix for the ALT Linux 9 package cyrus-imapd version 2.5.7-alt1
2015-12-11 00:00:00
freebsd
freebsd
cyrus-imapd -- integer overflow in the start_octet addition
2015-11-04 00:00:00
cvelist
cvelist
CVE-2015-8078
2015-12-03 20:00:00
CVE-2015-8077
2015-12-03 20:00:00
CVE-2015-8076
2015-12-03 20:00:00
ubuntucve
ubuntucve
CVE-2015-8078
2015-12-03 00:00:00
CVE-2015-8077
2015-12-03 00:00:00
CVE-2015-8076
2015-12-03 00:00:00
cve
cve
CVE-2015-8078
2015-12-03 20:59:00
CVE-2015-8077
2015-12-03 20:59:00
CVE-2015-8076
2015-12-03 20:59:00
mageia
mageia
Updated cyrus-imapd packages fix security vulnerability
2016-02-05 20:26:09
seebug
seebug
Cyrus IMAP index_urlfetch信息泄露漏洞
2015-12-04 00:00:00
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: cyrus-imapd-2.4.18-1.fc23
2015-11-17 15:57:29
[SECURITY] Fedora 21 Update: cyrus-imapd-2.4.18-1.fc21
2015-11-20 23:29:13
[SECURITY] Fedora 22 Update: cyrus-imapd-2.4.18-1.fc22
2015-11-17 18:32:37
ibm
ibm
Security Bulletin: Vulnerability in SSLv3 affects IBM Business Monitor (CVE-2014-3566)
2018-06-15 07:02:06
Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566)
2021-12-15 18:05:07
Security Bulletin: Vulnerability in SSLv3 affects GPFS V3.5 for Windows (CVE-2014-3566)
2021-06-25 16:46:35
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
osv
osv
lighttpd - security update
2015-07-25 00:00:00
lighttpd - security update
2016-02-23 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
MariaDB: smtp service vulnerable to POODLE SSLv3
2019-03-24 06:26:55
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
checkpoint_security
checkpoint_security
Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)
2014-10-13 21:00:00
securityvulns
securityvulns
TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack
2014-10-18 00:00:00
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
2014-10-18 00:00:00
debian
debian
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:44

0.975 High

EPSS

Percentile

100.0%

JSON
Related for SUSE-SU-2016:1457-1
suse2openvas17nessus45prion4altlinux3freebsd1cvelist4ubuntucve3cve3mageia1seebug2fedora20ibm77redhat2centos1cisco1veracode1osv2hackerone2f51cert1amazon1citrix1checkpoint_security1securityvulns2debian1