First Last Prev Next    This bug is not in your last search results.
Bug 954201 - (CVE-2015-8078) VUL-0: CVE-2015-8078: cyrus-imapd: Integer overflow in index_urlfetch
(CVE-2015-8078)
VUL-0: CVE-2015-8078: cyrus-imapd: Integer overflow in index_urlfetch
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/158572/
CVSSv2:SUSE:CVE-2015-8077:5.8:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-09 08:46 UTC by Sebastian Krahmer
Modified: 2016-08-01 09:04 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2015-11-09 23:00:33 UTC 
bugbot adjusting priority
Comment 2 Aeneas Jaißle 2015-11-15 17:30:05 UTC 
Created SR#344607 for openSUSE_13.2 and openSUSE_Leap_42.1 (both containing patches for cyrus-imapd 2.4).

Created SR#344608 for openSUSE_Tumleweed (containing cyrus-imapd 2.4)


Does this issue also affect cyrus-imapd 2.3?
Comment 3 Bernhard Wiedemann 2015-11-15 18:00:31 UTC 
This is an autogenerated message for OBS integration:
This bug (954201) was mentioned in
https://build.opensuse.org/request/show/344607 13.2+Leap:42.1 / cyrus-imapd.openSUSE_Leap_42.1_Update+cyrus-imapd_13.2
Comment 4 Johannes Segitz 2015-11-20 15:05:08 UTC 
(In reply to Aeneas Jaißle from comment #2)
Looks like it. The the check that was fixed here was introduced by

commit c21e179c1f6b968fe69bebe079176714e511587b
Author: ellie timoney 
Date:   Fri Jun 26 11:24:38 2015 +1000

    urlfetch: extra paranoia

Before this "extra paranoia" there was no check at all, so we probably should include it.
Comment 5 Swamp Workflow Management 2015-11-27 16:16:43 UTC 
openSUSE-SU-2015:2130-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 954200,954201
CVE References: CVE-2015-8077,CVE-2015-8078
Sources used:
openSUSE Leap 42.1 (src):    cyrus-imapd-2.4.18-3.1
openSUSE 13.2 (src):    cyrus-imapd-2.4.18-2.10.1
Comment 6 Marcus Meissner 2015-12-02 14:16:47 UTC 
affectes sle10, sle11 and sle12 too.
Comment 8 Swamp Workflow Management 2016-05-30 09:17:23 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62790
Comment 9 Swamp Workflow Management 2016-05-31 20:08:12 UTC 
SUSE-SU-2016:1457-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 860611,901748,954200,954201,981670
CVE References: CVE-2014-3566,CVE-2015-8076,CVE-2015-8077,CVE-2015-8078
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    cyrus-imapd-2.3.18-37.1
SUSE Linux Enterprise Server 12 (src):    cyrus-imapd-2.3.18-37.1
Comment 10 Swamp Workflow Management 2016-06-01 10:08:31 UTC 
SUSE-SU-2016:1459-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 860611,901748,954200,954201,981670
CVE References: CVE-2014-3566,CVE-2015-8076,CVE-2015-8077,CVE-2015-8078
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    cyrus-imapd-2.3.11-60.65.67.1
SUSE Linux Enterprise Server 11-SP4 (src):    cyrus-imapd-2.3.11-60.65.67.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    cyrus-imapd-2.3.11-60.65.67.1
Comment 11 Marcus Meissner 2016-06-24 14:08:08 UTC 
released
First Last Prev Next    This bug is not in your last search results.