Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 25 Nov 2004 22:17:03 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-imapd
 Advisory ID:            MDKSA-2004:139
 Date:                   November 25th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities in the Cyrus-IMAP server were found by
 Stefan Esser.  Due to insufficient checking within the argument
 parser of the 'partial' and 'fetch' commands, a buffer overflow could
 be exploited to execute arbitrary attacker-supplied code.  Another
 exploitable buffer overflow could be triggered in situations when
 memory allocation files.
 
 The provided packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d24a96383803817c7bc4873eddd788c5  10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
 4e2abc98c3467167e7d1e80c8673e627  10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
 c86e00c698a0c1c6a86b72822822a21d  10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
 7ad76d69b422fe93b819290dbb19d9c3  10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
 96fd3591c761678893f43e86579a126d  10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
 89a64ea4af5fb2b3867e15abe1f38813  10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8c0a0ae9b8af0e852ff537790bb78b79  amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
 54e359a8a63cf94d35cdda65455d8c2a  amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
 560d64e9c9db0f0aa7d20223b525a30e  amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
 f283e5fa417f62422cceed597972158f  amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
 547ae80ca8ef2a37f6afd877bc89b324  amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
 89a64ea4af5fb2b3867e15abe1f38813  amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 d8789ade849ca9fa4ca29320c538ec7d  10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
 2d10d7a5405712dc6fa60e0c751e6935  10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
 a9bb0d482e65acfc4c0b55aa8449e61c  10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
 5bd8c7ea1891db4d8eb9dd691480a0df  10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
 6a62e104fd24f40b85b673529aa82b38  10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
 865c36af331c9bd111fd20d0d777a674  10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
 031465e275846f22279d4817f3b2a12d  10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 14302a4c19f67e797cf02278c2ac42c6  x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
 b4e6c99bfdeac90e16475eec2e651b0e  x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
 38a0a974e95c96787bc857bb358afa84  x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
 bf5d0e23fa0a4ebbd1a46277621a4bb8  x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
 b9f2f06d42079cb81221688d46c34446  x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
 f71573be7c4c32bf330ea105dff7df8b  x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
 031465e275846f22279d4817f3b2a12d  x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBplnemqjQ0CJFipgRApbUAJ983C6D2j81TXcJc1N2Kz8Gk4jAPACeNsKQ
6pyLvL8CtlWKztkm1J3yzu4=
=N1Yf
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault