LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 22nd, 2014
Linux Advisory Watch: September 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora: cyrus-imapd-2.2.10-3.fc3 update Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Fedora The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits revealed a package installation problem. If the main configuration files for cyrus-imapd

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-508
2004-12-03
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : cyrus-imapd
Version     : 2.2.10
Release     : 3.fc3
Summary     : A high-performance mail server with IMAP, POP3, NNTP and SIEVE support.
Description :
The cyrus-imapd package contains the core of the Cyrus IMAP server.
It is a scaleable enterprise mail system designed for use from
small to large enterprise environments using standards-based
internet mail technologies.

A full Cyrus IMAP implementation allows a seamless mail and bulletin
board environment to be set up across multiple servers. It differs from
other IMAP server implementations in that it is run on "sealed"
servers, where users are not normally permitted to log in. The mailbox
database is stored in parts of the filesystem that are private to the
Cyrus IMAP server. All user access to mail is through software using
the IMAP, POP3, or KPOP protocols. TLSv1 and SSL are supported for
security.

---------------------------------------------------------------------
Update Information:

The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits
revealed a package installation problem. If the main configuration
files for cyrus-imapd

        /etc/imapd.conf
        /etc/cyrus.conf

had been locally modified for site specific purposes those changes
could be overwritten when the new updated version is installed causing
the package to lose its local configuration and behavior. Actually,
the old version the configuration files should have been preserved in
backup copies with the .rpmsave extension if the config file in the
new rpm version was different from the version in the previous rpm.

If you upgraded to cyrus-imapd-2.2.10-1.fc3 you may want to
verify the contents of these configuration files against any .rpmsave
backup copies and copy over any configuration edits.

This version of the cyrus-imapd package is identical to
cyrus-imapd-2.2.10-1.fc3 with the single exception that those
configuration files are marked as "noreplace" which means rpm will not
replace them in favor of the new rpm version, instead it will preserve
the existing version of the config file and create a copy with the
extension .rpmnew, if and only if the config file changed. This is
more friendly to existing installations.

If you have not yet installed cyrus-imapd-2.2.10-1.fc3 we
suggest you skip that version of the package and install
cyrus-imapd-2.2.10-3.fc3 instead. This eliminates the
potential to lose configuration changes.

---------------------------------------------------------------------
* Thu Dec 02 2004 John Dennis  2.2.10-3.fc3

- fix bug #141673, dup of bug #141470
  Also make cyrus.conf noreplace in addition to imapd.conf
  Remove the verify overrides on the noreplace config files,
  we do want config file changes visible when verifying

* Wed Dec 01 2004 John Dennis  2.2.10-2.fc3

- fix bug #141470, make imapd.conf a noreplace config file


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

b6ffc7769e621b535cf74df7c0bc2455  SRPMS/cyrus-imapd-2.2.10-3.fc3.src.rpm
c0243bcd1c108bd97c3648b7d31981bf  x86_64/cyrus-imapd-2.2.10-3.fc3.x86_64.rpm
ce6b62584019396df7f457667a0339f6  x86_64/cyrus-imapd-murder-2.2.10-3.fc3.x86_64.rpm
5281ca2aaac865e5056f3b5c11e45dd6  x86_64/cyrus-imapd-nntp-2.2.10-3.fc3.x86_64.rpm
edace435dae2d94acd7a35269810187e  x86_64/cyrus-imapd-devel-2.2.10-3.fc3.x86_64.rpm
f38443ae63d098228472437f27ef6ce0  x86_64/perl-Cyrus-2.2.10-3.fc3.x86_64.rpm
2f72c693bd4e825c858b5a1fddcdef95  x86_64/cyrus-imapd-utils-2.2.10-3.fc3.x86_64.rpm
3c4dbaf31a39b6edbddd02b6459ad36c  i386/cyrus-imapd-2.2.10-3.fc3.i386.rpm
d7a5e88bb44f732f2a695c271134c390  i386/cyrus-imapd-murder-2.2.10-3.fc3.i386.rpm
953fdc9e070fec6f5f1650d9b479f0fe  i386/cyrus-imapd-nntp-2.2.10-3.fc3.i386.rpm
bd318d5c9492eb058bed06f102ce0357  i386/cyrus-imapd-devel-2.2.10-3.fc3.i386.rpm
eebad674e96635ae870c3353430d4001  i386/perl-Cyrus-2.2.10-3.fc3.i386.rpm
70bbffe37a2b305f1af2cc973eaaeaed  i386/cyrus-imapd-utils-2.2.10-3.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
John Dennis 

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.