Cyrus IMAP Server: Multiple vulnerabilities — GLSA 201110-16

The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a Denial of Service.

Affected Packages

net-mail/cyrus-imapd on all architectures
Affected versions < 2.4.12
Unaffected versions >= 2.4.12

Background

The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server.

Description

Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details.

Impact

An unauthenticated local or remote attacker may be able to execute arbitrary code with the privileges of the Cyrus IMAP Server process or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Cyrus IMAP Server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.4.12"
 

References

Release Date
October 22, 2011

Latest Revision
October 22, 2011: 1

Severity
high

Exploitable
local, remote

Bugzilla entries