Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2016:1459-1
HistoryJun 01, 2016 - 12:07 p.m.

Security update for cyrus-imapd (important)

2016-06-0112:07:51
lists.opensuse.org
134

0.975 High

EPSS

Percentile

100.0%

JSON

This update for cyrus-imapd fixes the following issues:

  • Previous versions of cyrus-imapd would not allow its users to disable
    old SSL variants that are vulnerable to attacks like BEAST and POODLE.
    This patch adds the configuration option ‘tls_versions’ to remedy that
    issue. Note that users who upgrade an existing installation will not
    have their imapd.conf file overwritten, i.e. their IMAP server will
    continue to support SSLv2 and SSLv3 like before. To disable support for
    those protocols, edit imapd.conf manually to include "tls_versions:
    tls1_0 tls1_1 tls1_2". New installations, however, will have an
    imapd.conf file that contains these settings already, i.e. newly
    installed IMAP servers do not support unsafe versions of SSL unless
    that support is explicitly enabled by the user. (bsc#901748)

  • An integer overflow vulnerability in cyrus-imapd’s urlfetch range
    checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078,
    bsc#981670, bsc#954200, bsc#954201)

  • Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to
    cyrus-imapd. (bsc#860611)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server11.4i586cyrus-imapd< 2.3.11-60.65.67.1cyrus-imapd-2.3.11-60.65.67.1.i586.rpm
SUSE Linux Enterprise Server11.4x86_64perl-cyrus-imap< 2.3.11-60.65.67.1perl-Cyrus-IMAP-2.3.11-60.65.67.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit11.4i586perl-cyrus-imap< 2.3.11-60.65.67.1perl-Cyrus-IMAP-2.3.11-60.65.67.1.i586.rpm
SUSE Linux Enterprise Server11.4s390xperl-cyrus-sieve-managesieve< 2.3.11-60.65.67.1perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1.s390x.rpm
SUSE Linux Enterprise Server11.4i586perl-cyrus-sieve-managesieve< 2.3.11-60.65.67.1perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.4i586perl-cyrus-sieve-managesieve< 2.3.11-60.65.67.1perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1.i586.rpm
SUSE Linux Enterprise Server11.4x86_64perl-cyrus-sieve-managesieve< 2.3.11-60.65.67.1perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1.x86_64.rpm
SUSE Linux Enterprise Debuginfo11.4s390xcyrus-imapd-debugsource< 2.3.11-60.65.67.1cyrus-imapd-debugsource-2.3.11-60.65.67.1.s390x.rpm
SUSE Linux Enterprise Server11.4ppc64perl-cyrus-imap< 2.3.11-60.65.67.1perl-Cyrus-IMAP-2.3.11-60.65.67.1.ppc64.rpm
SUSE Linux Enterprise Server11.4ppc64cyrus-imapd< 2.3.11-60.65.67.1cyrus-imapd-2.3.11-60.65.67.1.ppc64.rpm
Rows per page:
1-10 of 341

Related

suse 2
openvas 17
nessus 45
prion 4
altlinux 3
freebsd 1
cvelist 4
ubuntucve 3
cve 3
mageia 1
seebug 2
fedora 20
ibm 77
redhat 2
centos 1
cisco 1
veracode 1
osv 2
hackerone 2
f5 1
cert 1
amazon 1
citrix 1
checkpoint_security 1
securityvulns 2
debian 1
suse
suse
Security update for cyrus-imapd (important)
2016-05-31 22:07:35
Security update for suseRegister (important)
2015-01-05 21:04:43
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1457-1)
2021-04-19 00:00:00
SUSE: Security Advisory for cyrus-imapd (SUSE-SU-2016:1457-1)
2016-06-03 00:00:00
Mageia: Security Advisory (MGASA-2016-0045)
2016-02-08 00:00:00
nessus
nessus
SUSE SLES12 Security Update : cyrus-imapd (SUSE-SU-2016:1457-1) (POODLE)
2016-06-17 00:00:00
FreeBSD : cyrus-imapd -- integer overflow in the start_octet addition (d62ec98e-97d8-11e5-8c0e-080027b00c2e)
2015-12-02 00:00:00
openSUSE Security Update : cyrus-imapd (openSUSE-2015-828)
2015-11-30 00:00:00
prion
prion
Integer overflow
2015-12-03 20:59:00
Integer overflow
2015-12-03 20:59:00
Heap overflow
2015-12-03 20:59:00
altlinux
altlinux
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.7-alt1
2015-12-11 00:00:00
Security fix for the ALT Linux 7 package cyrus-imapd version 2.4.18-alt1.M70P.1
2016-01-07 00:00:00
Security fix for the ALT Linux 9 package cyrus-imapd version 2.5.7-alt1
2015-12-11 00:00:00
freebsd
freebsd
cyrus-imapd -- integer overflow in the start_octet addition
2015-11-04 00:00:00
cvelist
cvelist
CVE-2015-8078
2015-12-03 20:00:00
CVE-2015-8077
2015-12-03 20:00:00
CVE-2015-8076
2015-12-03 20:00:00
ubuntucve
ubuntucve
CVE-2015-8078
2015-12-03 00:00:00
CVE-2015-8077
2015-12-03 00:00:00
CVE-2015-8076
2015-12-03 00:00:00
cve
cve
CVE-2015-8078
2015-12-03 20:59:00
CVE-2015-8077
2015-12-03 20:59:00
CVE-2015-8076
2015-12-03 20:59:00
mageia
mageia
Updated cyrus-imapd packages fix security vulnerability
2016-02-05 20:26:09
seebug
seebug
Cyrus IMAP index_urlfetch信息泄露漏洞
2015-12-04 00:00:00
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: cyrus-imapd-2.4.18-1.fc23
2015-11-17 15:57:29
[SECURITY] Fedora 21 Update: cyrus-imapd-2.4.18-1.fc21
2015-11-20 23:29:13
[SECURITY] Fedora 22 Update: cyrus-imapd-2.4.18-1.fc22
2015-11-17 18:32:37
ibm
ibm
Security Bulletin: Vulnerability in SSLv3 affects IBM Business Monitor (CVE-2014-3566)
2018-06-15 07:02:06
Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566)
2021-12-15 18:05:07
Security Bulletin: Vulnerability in SSLv3 affects GPFS V3.5 for Windows (CVE-2014-3566)
2021-06-25 16:46:35
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
osv
osv
lighttpd - security update
2015-07-25 00:00:00
lighttpd - security update
2016-02-23 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
MariaDB: smtp service vulnerable to POODLE SSLv3
2019-03-24 06:26:55
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
checkpoint_security
checkpoint_security
Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)
2014-10-13 21:00:00
securityvulns
securityvulns
TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack
2014-10-18 00:00:00
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
2014-10-18 00:00:00
debian
debian
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:44

0.975 High

EPSS

Percentile

100.0%

JSON
Related for SUSE-SU-2016:1459-1
suse2openvas17nessus45prion4altlinux3freebsd1cvelist4ubuntucve3cve3mageia1seebug2fedora20ibm77redhat2centos1cisco1veracode1osv2hackerone2f51cert1amazon1citrix1checkpoint_security1securityvulns2debian1