<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-imapd
 Advisory ID:            MDKSA-2005:051
 Date:                   March 4th, 2005

 Affected versions:      10.0, 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Several overruns have been fixed in the IMAP annote extension as well
 as in cached header handling which can be run by an authenticated
 user.  As well, additional bounds checking in fetchnews was improved
 to avoid exploitation by a peer news admin.
 _______________________________________________________________________

 References:

  
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 15b7624cdc9037f9c4e79c600073ecf8  
10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
 05600c038393a440b049b61e561221c3  
10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
 785c6f762ef8653dbd94820b0b6381a1  
10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
 c11e66f88672e11d1702725479a7f0d5  
10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
 71aa4e964c66ad49b2ae669cbb6e9bd1  
10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
 ffeeb4eb0f65ca39e11c180601a35d68  
10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 e8c78f838cca93171d2f8cd5c8c9a879  
amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
 e5477d6d98bc82e9ab8c1a839055cc43  
amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
 a89538a6bc145fec9e2b6b17e37d2e5e  
amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
 52b24414eee9d6fea4fe2ddf4f27bd1f  
amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
 f802162383bf61b4d9187e180b2c2bf1  
amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
 ffeeb4eb0f65ca39e11c180601a35d68  
amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

 Mandrakelinux 10.1:
 f6cdca31a854112c2ca5f74776776f1c  
10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
 8b5794bf11f4b7999830efa69e2d28f8  
10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
 4c11340d7e1f25bd0ab640a6d716ddd0  
10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
 0f0e1f74726f916c0e34f2d297f7fb98  
10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
 e336fb5ddea4b2b97e91aad061293160  
10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
 3a9335988510ec620e6a111f92aefb48  
10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
 525da02530ca95c483aca8267b759219  
10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 230bb0fcbe79666f2e7a58d86320277e  
x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
 7b9c9cd889f294a04952d6e4491ac8bf  
x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
 d859ab07c750bfdfd50f770bd7e3c54d  
x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
 1b88303a5c38ebf4dfff3867d95db3cf  
x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
 82ae917972b5cf748d7ba2401da0ec83  
x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
 b8c33ab3333f8c6757bc554f1b735d8f  
x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
 525da02530ca95c483aca8267b759219  
x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

 Corporate 3.0:
 5f9b9b9352a4bf01e1d7d60bc0b2acd4  
corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
 611e40f49b42c9bef517f577ae84e118  
corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
 c5a7d27fec6bf10bc5a423d5228c3c97  
corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm
 ddaafa645b1052c4008805a6755983c6  
corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
 00b8785bd521991143ab1dac0d5862c1  
corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
 709aa090996e807f3370552cb810f15e  
corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b6b638cfe6bffc99873d5ee0b0fcd8d0  
x86_64/corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm
 2f4d38c95aaf387e3d60c3ccf5fa16eb  
x86_64/corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm
 47e1de6c31502c7b799eff36a555b5bd  
x86_64/corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm
 dfbb236b3d834829b29ddcb49a0261b0  
x86_64/corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm
 74c7c8947715bf3c911b691afc46c8ea  
x86_64/corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm
 709aa090996e807f3370552cb810f15e  
x86_64/corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCKNPimqjQ0CJFipgRAh13AJ4u/uO5sSdIXaQ70lYusdsatCO2fQCfTyz6
i7H+T0VRG5cGivhnfd8OExo=
=zb/p
-----END PGP SIGNATURE-----