==========================================================================
Ubuntu Security Notice USN-7224-1
January 22, 2025
cyrus-imapd vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Cyrus IMAP Server.

Software Description:
- cyrus-imapd: An IMAP server

Details:

It was discovered that non-authentication-related HTTP requests could be
interpreted in an authentication context by a Cyrus IMAP Server when
multiple requests arrived over the same connection. An unauthenticated
attacker could possibly use this issue to perform a privilege escalation
attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-18928)

Matthew Horsfall discovered that Cyrus IMAP Server utilized a poor string
hashing algorithm that could be abused to control where data was being
stored. An attacker could possibly use this issue to perform a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-33582)

Damian Poddebniak discovered that Cyrus IMAP Server could interpret
specially crafted commands to exploit a memory issue. An authenticated
attacker could possibly use this issue to perform a denial of service.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-34055)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  cyrus-admin 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-caldav 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-clients 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-common 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-dev 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-imapd 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-murder 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-nntpd 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-pop3d 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-replication 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro
  libcyrus-imap-perl 3.8.2-1ubuntu0.1~esm1
    Available with Ubuntu Pro

Ubuntu 22.04 LTS
  cyrus-admin 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-caldav 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-clients 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-common 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-dev 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-imapd 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-murder 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-nntpd 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-pop3d 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  cyrus-replication 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  libcyrus-imap-perl 3.4.3-3ubuntu0.1+esm1
    Available with Ubuntu Pro

Ubuntu 20.04 LTS
  cyrus-caldav 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-clients 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-common 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-dev 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-imapd 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-murder 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-nntpd 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-pop3d 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  cyrus-replication 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro
  libcyrus-imap-perl 3.0.13-5ubuntu0.1~esm1
    Available with Ubuntu Pro

Ubuntu 18.04 LTS
  cyrus-caldav 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-clients 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-common 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-dev 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-imapd 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-murder 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-nntpd 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-pop3d 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  cyrus-replication 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro
  libcyrus-imap-perl 2.5.10-3ubuntu1.1+esm1
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7224-1
CVE-2019-18928, CVE-2021-33582, CVE-2024-34055