The cyrus-imapd packages contain a high-performance mail server with IMAP,POP3, NNTP, and Sieve support.An authentication bypass flaw was found in the cyrus-imapd NNTP server,nntpd. A remote user able to use the nntpd service could use this flaw toread or post newsgroup messages on an NNTP server configured to requireuser authentication, without providing valid authentication credentials.(CVE-2011-3372)A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server,imapd. A remote attacker could send a specially-crafted mail message to avictim that would possibly prevent them from accessing their mail normally,if they were using an IMAP client that relies on the server threading IMAPfeature. (CVE-2011-3481)Red Hat would like to thank the Cyrus IMAP project for reporting theCVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of SecuniaResearch as the original reporter of CVE-2011-3372.Users of cyrus-imapd are advised to upgrade to these updated packages,which contain backported patches to correct these issues. After installingthe update, cyrus-imapd will be restarted automatically.