To: [email protected]Subject: [ MDVSA-2009:064 ] imap
Date: Tue, 03 Mar 2009 16:49:00 +0100
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LeWrc-00045h-MF@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:064
http://www.mandriva.com/security/
_______________________________________________________________________
Package : imap
Date : March 2, 2009
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in University
of Washington IMAP Toolkit which could allow local users to gain
privileges by specifying incorrect folder name (CVE-2008-5005).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
35d1595673a4b729cd9c3c4d31d51417 corporate/3.0/i586/imap-2002d-8.4.C30mdk.i586.rpm
9c7b39600c42ee3f77e7cb2e2646eadd corporate/3.0/i586/imap-devel-2002d-8.4.C30mdk.i586.rpm
3687a88d8791bcf26e54e4d3dee5e0b1 corporate/3.0/i586/imap-utils-2002d-8.4.C30mdk.i586.rpm
cd3862f4498e8302be7290f20d1bcce8 corporate/3.0/SRPMS/imap-2002d-8.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
8a616b9dff2145f6e4723a5078e6be1a corporate/3.0/x86_64/imap-2002d-8.4.C30mdk.x86_64.rpm
eeb9a45bc92829002597be3e9161b817 corporate/3.0/x86_64/imap-devel-2002d-8.4.C30mdk.x86_64.rpm
021365d905793a741f61f6b6268a9180 corporate/3.0/x86_64/imap-utils-2002d-8.4.C30mdk.x86_64.rpm
cd3862f4498e8302be7290f20d1bcce8 corporate/3.0/SRPMS/imap-2002d-8.4.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJrSbqmqjQ0CJFipgRAl4XAKCeE+i92gy99kpsSsMYp5wvyDBw3QCeIQE2
7PEnhLayn952fpLnPdC4iA8=
=XUWu
-----END PGP SIGNATURE-----