cyrus-imapd-3.0.7-20.el8.1

エラータID: AXSA:2021-2426:03

Release date: 
Tuesday, September 21, 2021 - 10:57
Subject: 
cyrus-imapd-3.0.7-20.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols.

Security Fix(es):

* cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-33582
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. cyrus-imapd-3.0.7-20.el8.1.src.rpm
    MD5: 16ccabfd87f7d9ff71b028c03441cddf
    SHA-256: 819b7afd8e24104d8e9e06bd4246e139b499cd0a1b7d6b7b9b785bd6e1324114
    Size: 10.27 MB

Asianux Server 8 for x86_64
  1. cyrus-imapd-3.0.7-20.el8.1.x86_64.rpm
    MD5: a712aa93551615320b9b336224f71f05
    SHA-256: 552880b69e3d0ead105e204314f956901a004f85fd9d7acd8f2c82db90c6a2e2
    Size: 1.66 MB
  2. cyrus-imapd-utils-3.0.7-20.el8.1.x86_64.rpm
    MD5: 70eba2481cf43ec1a0f045bd822e661d
    SHA-256: bca6e5c8e7831290fc9903ac04253f9c8131a124f7d73942cff32f15992dbf0b
    Size: 643.19 kB
  3. cyrus-imapd-vzic-3.0.7-20.el8.1.x86_64.rpm
    MD5: f53fb4679638ea0b2c12765abaa56b15
    SHA-256: 7e78b01267de5c63e3b055bc1b4f5e2a22010c69e50d840c911e30c5813c876b
    Size: 43.62 kB
  4. cyrus-imapd-3.0.7-20.el8.1.i686.rpm
    MD5: 167c1528748d52453bcd3b7be2dfd02f
    SHA-256: cf467dad822d733a1e0160e3afe1bc6d3563338395230535600fb1430661f1cf
    Size: 1.75 MB