Get the LinuxSecurity news you want faster with RSS
Powered By
Mandrake: Updated cyrus-imapd packages
Posted by Benjamin D. Thomas
Several overruns have been fixed in the IMAP annote extension as well
as in cached header handling which can be run by an authenticated
user. As well, additional bounds checking in fetchnews was improved
to avoid exploitation by a peer news admin.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cyrus-imapd
Advisory ID: MDKSA-2005:051
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________
Problem Description:
Several overruns have been fixed in the IMAP annote extension as well
as in cached header handling which can be run by an authenticated
user. As well, additional bounds checking in fetchnews was improved
to avoid exploitation by a peer news admin.
_______________________________________________________________________
References:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
15b7624cdc9037f9c4e79c600073ecf8 10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
05600c038393a440b049b61e561221c3 10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
785c6f762ef8653dbd94820b0b6381a1 10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
c11e66f88672e11d1702725479a7f0d5 10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
71aa4e964c66ad49b2ae669cbb6e9bd1 10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
ffeeb4eb0f65ca39e11c180601a35d68 10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
e8c78f838cca93171d2f8cd5c8c9a879 amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
e5477d6d98bc82e9ab8c1a839055cc43 amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
a89538a6bc145fec9e2b6b17e37d2e5e amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
52b24414eee9d6fea4fe2ddf4f27bd1f amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
f802162383bf61b4d9187e180b2c2bf1 amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
ffeeb4eb0f65ca39e11c180601a35d68 amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm
Mandrakelinux 10.1:
f6cdca31a854112c2ca5f74776776f1c 10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
8b5794bf11f4b7999830efa69e2d28f8 10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
4c11340d7e1f25bd0ab640a6d716ddd0 10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
0f0e1f74726f916c0e34f2d297f7fb98 10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
e336fb5ddea4b2b97e91aad061293160 10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
3a9335988510ec620e6a111f92aefb48 10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
525da02530ca95c483aca8267b759219 10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
230bb0fcbe79666f2e7a58d86320277e x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
7b9c9cd889f294a04952d6e4491ac8bf x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
d859ab07c750bfdfd50f770bd7e3c54d x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
1b88303a5c38ebf4dfff3867d95db3cf x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
82ae917972b5cf748d7ba2401da0ec83 x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
b8c33ab3333f8c6757bc554f1b735d8f x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
525da02530ca95c483aca8267b759219 x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm
Corporate 3.0:
5f9b9b9352a4bf01e1d7d60bc0b2acd4 corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
611e40f49b42c9bef517f577ae84e118 corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
c5a7d27fec6bf10bc5a423d5228c3c97 corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm
ddaafa645b1052c4008805a6755983c6 corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
00b8785bd521991143ab1dac0d5862c1 corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
709aa090996e807f3370552cb810f15e corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
b6b638cfe6bffc99873d5ee0b0fcd8d0 x86_64/corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm
2f4d38c95aaf387e3d60c3ccf5fa16eb x86_64/corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm
47e1de6c31502c7b799eff36a555b5bd x86_64/corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm
dfbb236b3d834829b29ddcb49a0261b0 x86_64/corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm
74c7c8947715bf3c911b691afc46c8ea x86_64/corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm
709aa090996e807f3370552cb810f15e x86_64/corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
