Endpoint Vulnerability

RHSA-2020:4655: cyrus-imapd security update (Moderate)

Description

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fix(es): * cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928) * cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the 'fileinto' was used, bypassing ACL checks (CVE-2019-19783) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Affected Products

cyrus-imapd