Date: 25 Nov 2004 22:17:03 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cyrus-imapd
Advisory ID: MDKSA-2004:139
Date: November 25th, 2004
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities in the Cyrus-IMAP server were found by
Stefan Esser. Due to insufficient checking within the argument
parser of the 'partial' and 'fetch' commands, a buffer overflow could
be exploited to execute arbitrary attacker-supplied code. Another
exploitable buffer overflow could be triggered in situations when
memory allocation fails.
The provided packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
d24a96383803817c7bc4873eddd788c5 10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
4e2abc98c3467167e7d1e80c8673e627 10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
c86e00c698a0c1c6a86b72822822a21d 10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
7ad76d69b422fe93b819290dbb19d9c3 10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
96fd3591c761678893f43e86579a126d 10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
89a64ea4af5fb2b3867e15abe1f38813 10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8c0a0ae9b8af0e852ff537790bb78b79 amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
54e359a8a63cf94d35cdda65455d8c2a amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
560d64e9c9db0f0aa7d20223b525a30e amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
f283e5fa417f62422cceed597972158f amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
547ae80ca8ef2a37f6afd877bc89b324 amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
89a64ea4af5fb2b3867e15abe1f38813 amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm
Mandrakelinux 10.1:
d8789ade849ca9fa4ca29320c538ec7d 10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
2d10d7a5405712dc6fa60e0c751e6935 10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
a9bb0d482e65acfc4c0b55aa8449e61c 10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
5bd8c7ea1891db4d8eb9dd691480a0df 10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
6a62e104fd24f40b85b673529aa82b38 10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
865c36af331c9bd111fd20d0d777a674 10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
031465e275846f22279d4817f3b2a12d 10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
14302a4c19f67e797cf02278c2ac42c6 x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
b4e6c99bfdeac90e16475eec2e651b0e x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
38a0a974e95c96787bc857bb358afa84 x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
bf5d0e23fa0a4ebbd1a46277621a4bb8 x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
b9f2f06d42079cb81221688d46c34446 x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
f71573be7c4c32bf330ea105dff7df8b x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
031465e275846f22279d4817f3b2a12d x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBplnemqjQ0CJFipgRApbUAJ983C6D2j81TXcJc1N2Kz8Gk4jAPACeNsKQ
6pyLvL8CtlWKztkm1J3yzu4=
=N1Yf
-----END PGP SIGNATURE-----
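
Added example, not part of the Mandrakesoft advisory: for RPMs fetched by hand instead of through MandrakeUpdate or urpmi, this shell function checks local files against the md5 lines of the "Updated Packages" list above. The function name, its exit codes and the use of GNU md5sum are assumptions of the example; a match only ties a file to this list, and the GPG package signature remains the authenticity check.

```shell
#!/bin/sh
# Added example (not Mandrakesoft code). Assumes md5sum from GNU coreutils.
# Usage: sh verify_advisory.sh ADVISORY.txt /path/to/downloaded/rpms
# Exit status: 0 all present packages match, 1 any mismatch, 2 nothing checked.

verify_advisory() {
    advisory=$1
    pkgdir=$2
    checked=0
    bad=0
    # Package lines in the advisory: <32 hex digits> <mirror path ending in .rpm>
    while read -r sum path rest; do
        [ "${#sum}" -eq 32 ] || continue
        case $sum in *[!0-9a-f]*) continue ;; esac
        case $path in *.rpm) ;; *) continue ;; esac
        # The advisory gives mirror-relative paths; match on the file name only.
        file=$pkgdir/${path##*/}
        # Only packages for the local release and architecture will be present.
        [ -f "$file" ] || continue
        actual=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            printf 'OK        %s\n' "$file"
        else
            printf 'MISMATCH  %s (advisory %s, file %s)\n' "$file" "$sum" "$actual"
            bad=$((bad + 1))
        fi
    done < "$advisory"
    if [ "$checked" -eq 0 ]; then
        # Treat "nothing verified" as a failure, not a silent pass.
        printf 'no listed package found in %s\n' "$pkgdir" >&2
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    verify_advisory "$1" "$2"
fi
```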