LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:037: cyrus-imapd Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in cyrus-imapd: The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:037
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cyrus-imapd
 Date    : March 23, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in cyrus-imapd:
 
 The index_get_ids function in index.c in imapd in Cyrus IMAP Server
 before 2.4.11, when server-side threading is enabled, allows remote
 attackers to cause a denial of service (NULL pointer dereference and
 daemon crash) via a crafted References header in an e-mail message
 (CVE-2011-3481).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3481
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 ff7b707f8503a52f3467c76cdc106ba0  2010.1/i586/cyrus-imapd-2.3.15-10.4mdv2010.2.i586.rpm
 daefe2c80fc7145df902c43dbf5ad50d  2010.1/i586/cyrus-imapd-devel-2.3.15-10.4mdv2010.2.i586.rpm
 e41ea7bf9c749026d4cd6516f6feeaf5  2010.1/i586/cyrus-imapd-murder-2.3.15-10.4mdv2010.2.i586.rpm
 fb6e2825a8824598ee5ae2aadd7fa12a  2010.1/i586/cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.i586.rpm
 ebd016a661dfa7bdc042fc9140f61dd9  2010.1/i586/cyrus-imapd-utils-2.3.15-10.4mdv2010.2.i586.rpm
 7888ab862ca17b0c55ad3fc52da1d858  2010.1/i586/perl-Cyrus-2.3.15-10.4mdv2010.2.i586.rpm 
 1b4c9cf68d17d2cab8dcab01255a1ac2  2010.1/SRPMS/cyrus-imapd-2.3.15-10.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 839604c4fe14a2ed84a32e810592119d  2010.1/x86_64/cyrus-imapd-2.3.15-10.4mdv2010.2.x86_64.rpm
 b3596d7e78caf7b1005948a462e70785  2010.1/x86_64/cyrus-imapd-devel-2.3.15-10.4mdv2010.2.x86_64.rpm
 ae18e2b89957dd50dbb6d284df8fa96e  2010.1/x86_64/cyrus-imapd-murder-2.3.15-10.4mdv2010.2.x86_64.rpm
 049293e08b36cb86adb51b7f4eabae7f  2010.1/x86_64/cyrus-imapd-nntp-2.3.15-10.4mdv2010.2.x86_64.rpm
 6670e23271557683218681c812dc3b52  2010.1/x86_64/cyrus-imapd-utils-2.3.15-10.4mdv2010.2.x86_64.rpm
 ed418a8cd77a041e1a060f97715fd489  2010.1/x86_64/perl-Cyrus-2.3.15-10.4mdv2010.2.x86_64.rpm 
 1b4c9cf68d17d2cab8dcab01255a1ac2  2010.1/SRPMS/cyrus-imapd-2.3.15-10.4mdv2010.2.src.rpm

 Mandriva Linux 2011:
 671d5fab777fe892fdb17f746c0911af  2011/i586/cyrus-imapd-2.3.16-7.2-mdv2011.0.i586.rpm
 684c26b361c8cfa2ea2f2904a4eb1c9a  2011/i586/cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.i586.rpm
 fbcce805ef0ff3450191f42a2c03239d  2011/i586/cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.i586.rpm
 7bd6dddf40fee59fa1e205a1381cb55c  2011/i586/cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.i586.rpm
 2e30c67b93cd77e0b93375d52c6ba3fd  2011/i586/cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.i586.rpm
 3b419c6a279bcd7014785ac08190a7a3  2011/i586/perl-Cyrus-2.3.16-7.2-mdv2011.0.i586.rpm 
 ae4016358f3fb65f8848e7dfacfe51b8  2011/SRPMS/cyrus-imapd-2.3.16-7.2.src.rpm

 Mandriva Linux 2011/X86_64:
 c2d51a8608ec4b4e60dbf519efeb27a4  2011/x86_64/cyrus-imapd-2.3.16-7.2-mdv2011.0.x86_64.rpm
 987ba5349ff108ecdd9196fc04a129b6  2011/x86_64/cyrus-imapd-devel-2.3.16-7.2-mdv2011.0.x86_64.rpm
 7280d308aeacd0c4a42cfb8fa81d98ef  2011/x86_64/cyrus-imapd-murder-2.3.16-7.2-mdv2011.0.x86_64.rpm
 d87a595ef6b0c8ac1e33b95bc80a4b26  2011/x86_64/cyrus-imapd-nntp-2.3.16-7.2-mdv2011.0.x86_64.rpm
 78103c0c3e65bec8b0e74cb0646da2de  2011/x86_64/cyrus-imapd-utils-2.3.16-7.2-mdv2011.0.x86_64.rpm
 708d80352c941535db1543235212587f  2011/x86_64/perl-Cyrus-2.3.16-7.2-mdv2011.0.x86_64.rpm 
 ae4016358f3fb65f8848e7dfacfe51b8  2011/SRPMS/cyrus-imapd-2.3.16-7.2.src.rpm

 Mandriva Enterprise Server 5:
 c3a25d81605b459b404904d8796d9371  mes5/i586/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
 8041c5f3799dce70901249eb1785d4a3  mes5/i586/cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
 c6b4f04e130aac5fabc2fa292634bb17  mes5/i586/cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
 adc9eead0e01c35a3e7d6f8b229ed3e8  mes5/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
 f308073537087528015e1055733681c9  mes5/i586/cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm
 db3487fafeba5b0b2382ccc02634965c  mes5/i586/perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.i586.rpm 
 ad67978598b453b082cd41fc0ee523dc  mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 19410e71050d4c838089ec0a2e903812  mes5/x86_64/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
 4cb70d841875aaf93a190b5fa9880467  mes5/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
 ddd5ca10ccf664eb339eb82d33c92359  mes5/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
 72a0bf64084c54108b9195d296e75908  mes5/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
 f2e109e2aafcdf58e5eb8d60ed9e965f  mes5/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm
 137056e0d077cfb799a70d1249d0a45f  mes5/x86_64/perl-Cyrus-2.3.12-0.p2.4.4mdvmes5.2.x86_64.rpm 
 ad67978598b453b082cd41fc0ee523dc  mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.