Updated cyrus-imapd packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: cyrus-imapd
Advisory ID: MDKSA-2004:139
Date: November 25th, 2004

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, a buffer overflow could be exploited to execute arbitrary attacker-supplied code. Another exploitable buffer overflow could be triggered in situations where memory allocation fails.

The provided packages have been patched to prevent these problems.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
d24a96383803817c7bc4873eddd788c5 10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
4e2abc98c3467167e7d1e80c8673e627 10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
c86e00c698a0c1c6a86b72822822a21d 10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
7ad76d69b422fe93b819290dbb19d9c3 10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
96fd3591c761678893f43e86579a126d 10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
89a64ea4af5fb2b3867e15abe1f38813 10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8c0a0ae9b8af0e852ff537790bb78b79 amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
54e359a8a63cf94d35cdda65455d8c2a amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
560d64e9c9db0f0aa7d20223b525a30e amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
f283e5fa417f62422cceed597972158f amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
547ae80ca8ef2a37f6afd877bc89b324 amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
89a64ea4af5fb2b3867e15abe1f38813 amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

Mandrakelinux 10.1:
d8789ade849ca9fa4ca29320c538ec7d 10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
2d10d7a5405712dc6fa60e0c751e6935 10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
a9bb0d482e65acfc4c0b55aa8449e61c 10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
5bd8c7ea1891db4d8eb9dd691480a0df 10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
6a62e104fd24f40b85b673529aa82b38 10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
865c36af331c9bd111fd20d0d777a674 10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
031465e275846f22279d4817f3b2a12d 10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
14302a4c19f67e797cf02278c2ac42c6 x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
b4e6c99bfdeac90e16475eec2e651b0e x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
38a0a974e95c96787bc857bb358afa84 x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
bf5d0e23fa0a4ebbd1a46277621a4bb8 x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
b9f2f06d42079cb81221688d46c34446 x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
f71573be7c4c32bf330ea105dff7df8b x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
031465e275846f22279d4817f3b2a12d x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
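
For packages fetched by hand rather than through MandrakeUpdate or urpmi, the md5 listing under "Updated Packages" can be checked with a script like the following. This is an added example, not part of the original advisory or Mandrakesoft tooling; the function names, the matching of files by RPM basename, and the sample package names are assumptions. The GPG signature remains the authenticity check, since an md5 match only shows the file equals what the listing describes.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Advisory line formats: "<md5> <path>.rpm" entries under "Mandrakelinux <ver>:" headers.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")
HEADER = re.compile(r"^(Mandrakelinux \S+):$")

def parse_advisory(text):
    """Return {platform: {rpm basename: md5}} from an advisory's package listing."""
    listing, platform = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            listing.setdefault(platform := m.group(1), {})
        elif platform and (m := ENTRY.match(line)):
            listing[platform][Path(m.group(2)).name] = m.group(1)
    return listing

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so a large RPM is never held in memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            digest.update(block)
    return digest.hexdigest()

def verify_dir(listing, platform, directory):
    """Map each RPM name to ok / mismatch / unlisted / missing for one platform."""
    expected = listing[platform]
    result = {name: "missing" for name in expected}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        result[rpm.name] = ("unlisted" if want is None
                            else "ok" if md5_of(rpm) == want else "mismatch")
    return result

def demo():
    """Constructed sample: hypothetical package names, hashes computed here."""
    md5 = lambda data: hashlib.md5(data).hexdigest()
    text = (f"Mandrakelinux 10.0:\n{md5(b'good')} 10.0/RPMS/good-1.0.i586.rpm\n"
            f"{md5(b'original')} 10.0/RPMS/bad-1.0.i586.rpm\n"
            f"{'0' * 32} 10.0/RPMS/absent-1.0.i586.rpm\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in {"good": b"good", "bad": b"tampered", "extra": b"x"}.items():
            Path(d, f"{name}-1.0.i586.rpm").write_bytes(data)
        return verify_dir(parse_advisory(text), "Mandrakelinux 10.0", d)

if __name__ == "__main__":
    print(demo())
```

A result of "mismatch" or "unlisted" means the file should not be installed until its origin is established.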

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com