MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cyrus-imapd
Advisory ID: MDKSA-2005:051
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________
Problem Description:
Several overruns have been fixed in the IMAP annote extension as well
as in cached header handling which can be run by an authenticated
user. As well, additional bounds checking in fetchnews was improved
to avoid exploitation by a peer news admin.
_______________________________________________________________________
References:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
15b7624cdc9037f9c4e79c600073ecf8
10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
05600c038393a440b049b61e561221c3
10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
785c6f762ef8653dbd94820b0b6381a1
10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
c11e66f88672e11d1702725479a7f0d5
10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
71aa4e964c66ad49b2ae669cbb6e9bd1
10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
ffeeb4eb0f65ca39e11c180601a35d68
10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
e8c78f838cca93171d2f8cd5c8c9a879
amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
e5477d6d98bc82e9ab8c1a839055cc43
amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
a89538a6bc145fec9e2b6b17e37d2e5e
amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
52b24414eee9d6fea4fe2ddf4f27bd1f
amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
f802162383bf61b4d9187e180b2c2bf1
amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
ffeeb4eb0f65ca39e11c180601a35d68
amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm
Mandrakelinux 10.1:
f6cdca31a854112c2ca5f74776776f1c
10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
8b5794bf11f4b7999830efa69e2d28f8
10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
4c11340d7e1f25bd0ab640a6d716ddd0
10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
0f0e1f74726f916c0e34f2d297f7fb98
10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
e336fb5ddea4b2b97e91aad061293160
10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
3a9335988510ec620e6a111f92aefb48
10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
525da02530ca95c483aca8267b759219
10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
230bb0fcbe79666f2e7a58d86320277e
x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
7b9c9cd889f294a04952d6e4491ac8bf
x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
d859ab07c750bfdfd50f770bd7e3c54d
x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
1b88303a5c38ebf4dfff3867d95db3cf
x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
82ae917972b5cf748d7ba2401da0ec83
x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
b8c33ab3333f8c6757bc554f1b735d8f
x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
525da02530ca95c483aca8267b759219
x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm
Corporate 3.0:
5f9b9b9352a4bf01e1d7d60bc0b2acd4
corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
611e40f49b42c9bef517f577ae84e118
corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
c5a7d27fec6bf10bc5a423d5228c3c97
corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm
ddaafa645b1052c4008805a6755983c6
corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
00b8785bd521991143ab1dac0d5862c1
corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
709aa090996e807f3370552cb810f15e
corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
b6b638cfe6bffc99873d5ee0b0fcd8d0
x86_64/corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm
2f4d38c95aaf387e3d60c3ccf5fa16eb
x86_64/corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm
47e1de6c31502c7b799eff36a555b5bd
x86_64/corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm
dfbb236b3d834829b29ddcb49a0261b0
x86_64/corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm
74c7c8947715bf3c911b691afc46c8ea
x86_64/corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm
709aa090996e807f3370552cb810f15e
x86_64/corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCKNPimqjQ0CJFipgRAh13AJ4u/uO5sSdIXaQ70lYusdsatCO2fQCfTyz6
i7H+T0VRG5cGivhnfd8OExo=
=zb/p
-----END PGP SIGNATURE-----