LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 10 Update: cyrus-imapd-2.3.15-1.fc10 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Fixed multiple stack-based buffer overflows in libsieve, which allowed context- dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9869
2009-09-24 04:15:03
--------------------------------------------------------------------------------

Name        : cyrus-imapd
Product     : Fedora 10
Version     : 2.3.15
Release     : 1.fc10
URL         : http://cyrusimap.web.cmu.edu/
Summary     : A high-performance mail server with IMAP, POP3, NNTP and SIEVE support
Description :
The cyrus-imapd package contains the core of the Cyrus IMAP server.
It is a scaleable enterprise mail system designed for use from
small to large enterprise environments using standards-based
internet mail technologies.

A full Cyrus IMAP implementation allows a seamless mail and bulletin
board environment to be set up across multiple servers. It differs from
other IMAP server implementations in that it is run on "sealed"
servers, where users are not normally permitted to log in and have no
system account on the server. The mailbox database is stored in parts
of the filesystem that are private to the Cyrus IMAP server. All user
access to mail is through software using the IMAP, POP3 or KPOP
protocols. It also includes support for virtual domains, NNTP,
mailbox annotations, and much more. The private mailbox database design
gives the server large advantages in efficiency, scalability and
administratability. Multiple concurrent read/write connections to the
same mailbox are permitted. The server supports access control lists on
mailboxes and storage quotas on mailbox hierarchies.

The Cyrus IMAP server supports the IMAP4rev1 protocol described
in RFC 3501. IMAP4rev1 has been approved as a proposed standard.
It supports any authentication mechanism available from the SASL
library, imaps/pop3s/nntps (IMAP/POP3/NNTP encrypted using SSL and
TLSv1) can be used for security. The server supports single instance
store where possible when an email message is addressed to multiple
recipients, SIEVE provides server side email filtering.

--------------------------------------------------------------------------------
Update Information:

Fixed multiple stack-based buffer overflows in libsieve, which allowed context-
dependent attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted SIEVE script.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 18 2009 Michal Hlavinka  - 2.3.15-1
- fix another buffer overflow in cyrus sieve (CVE-2009-3235)
* Mon Sep  7 2009 Michal Hlavinka  - 2.3.14-2
- fix buffer overflow in cyrus sieve (#521010)
* Tue May 26 2009 Michal Hlavinka  - 2.3.14-1
- updated to 2.3.14
- spec clean-up
* Mon Feb  2 2009 Michal Hlavinka  - 2.3.13-3
- fix directory ownership
* Wed Jan 21 2009 Michal Hlavinka  - 2.3.13-2
- fix: #480138 - assertion failed: libcyr_cfg.c: cyrus_options[opt].opt == opt
* Tue Jan 13 2009 Michal Hlavinka  - 2.3.13-1
- updated to 2.3.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #523910 - CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=523910
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cyrus-imapd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.