[Full-Disclosure] MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities

From: Mandrake Linux Security Team (security_at_linux-mandrake.com)
Date: 11/25/04

    To: full-disclosure@lists.netsys.com
    Date: 25 Nov 2004 22:17:03 -0000
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________

                     Mandrakelinux Security Update Advisory
     _______________________________________________________________________

     Package name: cyrus-imapd
     Advisory ID: MDKSA-2004:139
     Date: November 25th, 2004

     Affected versions: 10.0, 10.1
     ______________________________________________________________________

     Problem Description:

     A number of vulnerabilities in the Cyrus-IMAP server were found by
     Stefan Esser. Due to insufficient checking within the argument
     parser of the 'partial' and 'fetch' commands, a buffer overflow could
     be exploited to execute arbitrary attacker-supplied code. Another
     exploitable buffer overflow could be triggered in situations when
     memory allocation fails.
     
     The provided packages have been patched to prevent these problems.
     _______________________________________________________________________

     References:

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1011
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1012
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1013
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1015
     ______________________________________________________________________

     Updated Packages:
      
     Mandrakelinux 10.0:
     d24a96383803817c7bc4873eddd788c5 10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.i586.rpm
     4e2abc98c3467167e7d1e80c8673e627 10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.i586.rpm
     c86e00c698a0c1c6a86b72822822a21d 10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.i586.rpm
     7ad76d69b422fe93b819290dbb19d9c3 10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.i586.rpm
     96fd3591c761678893f43e86579a126d 10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.i586.rpm
     89a64ea4af5fb2b3867e15abe1f38813 10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

     Mandrakelinux 10.0/AMD64:
     8c0a0ae9b8af0e852ff537790bb78b79 amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.3.100mdk.amd64.rpm
     54e359a8a63cf94d35cdda65455d8c2a amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.3.100mdk.amd64.rpm
     560d64e9c9db0f0aa7d20223b525a30e amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.3.100mdk.amd64.rpm
     f283e5fa417f62422cceed597972158f amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.3.100mdk.amd64.rpm
     547ae80ca8ef2a37f6afd877bc89b324 amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.3.100mdk.amd64.rpm
     89a64ea4af5fb2b3867e15abe1f38813 amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.3.100mdk.src.rpm

     Mandrakelinux 10.1:
     d8789ade849ca9fa4ca29320c538ec7d 10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.i586.rpm
     2d10d7a5405712dc6fa60e0c751e6935 10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.i586.rpm
     a9bb0d482e65acfc4c0b55aa8449e61c 10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.i586.rpm
     5bd8c7ea1891db4d8eb9dd691480a0df 10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.i586.rpm
     6a62e104fd24f40b85b673529aa82b38 10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.i586.rpm
     865c36af331c9bd111fd20d0d777a674 10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.i586.rpm
     031465e275846f22279d4817f3b2a12d 10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm

     Mandrakelinux 10.1/X86_64:
     14302a4c19f67e797cf02278c2ac42c6 x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.1.101mdk.x86_64.rpm
     b4e6c99bfdeac90e16475eec2e651b0e x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.1.101mdk.x86_64.rpm
     38a0a974e95c96787bc857bb358afa84 x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.1.101mdk.x86_64.rpm
     bf5d0e23fa0a4ebbd1a46277621a4bb8 x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.1.101mdk.x86_64.rpm
     b9f2f06d42079cb81221688d46c34446 x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.1.101mdk.x86_64.rpm
     f71573be7c4c32bf330ea105dff7df8b x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.1.101mdk.x86_64.rpm
     031465e275846f22279d4817f3b2a12d x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.1.101mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrakeUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandrakesoft for security. You can obtain
     the GPG public key of the Mandrakelinux Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandrakelinux at:

      http://www.mandrakesoft.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_linux-mandrake.com

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQFBplnemqjQ0CJFipgRApbUAJ983C6D2j81TXcJc1N2Kz8Gk4jAPACeNsKQ
    6pyLvL8CtlWKztkm1J3yzu4=
    =N1Yf
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
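
Added example, not part of the advisory: a manual version of the md5 check that the advisory says MandrakeUpdate and urpmi perform automatically, run against the "Updated Packages" lines of a saved copy of the message. The function name `verify_advisory_rpms` and the demo file names are assumptions, and `md5sum` from coreutils is assumed to be installed; the sums are only as trustworthy as the message carrying them, so check its PGP signature first.

```shell
#!/bin/sh
# verify_advisory_rpms ADVISORY_FILE RPM_DIR   (hypothetical helper name)
# Compares every RPM in RPM_DIR that the advisory lists against the MD5 sum
# printed next to it. Returns 0 only if at least one package was checked and
# none mismatched.
verify_advisory_rpms() {
    advisory=$1
    rpm_dir=$2
    checked=0
    bad=0
    # Keep only lines shaped like "<32 hex digits> <path>.rpm"; the prose and
    # the PGP armor in the message are ignored.
    manifest=$(sed -n 's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]\{1,\}\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' "$advisory")
    while read -r want path; do
        [ -n "$want" ] || continue
        file="$rpm_dir/$(basename "$path")"
        if [ ! -f "$file" ]; then
            continue    # not downloaded here (other release or architecture)
        fi
        have=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$have" = "$want" ]; then
            echo "OK        $file"
        else
            echo "MISMATCH  $file (advisory: $want, local: $have)"
            bad=$((bad + 1))
        fi
    done <<EOF
$manifest
EOF
    # An empty result is a failure too: nothing was actually verified.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo input: a stand-in package file and a one-entry manifest
# whose checksum is computed at run time (not values from the advisory).
demo=$(mktemp -d)
printf 'constructed rpm payload\n' > "$demo/example-1.0-1mdk.i586.rpm"
sum=$(md5sum "$demo/example-1.0-1mdk.i586.rpm" | cut -d' ' -f1)
printf ' Updated Packages:\n %s 10.1/RPMS/example-1.0-1mdk.i586.rpm\n' "$sum" > "$demo/advisory.txt"
verify_advisory_rpms "$demo/advisory.txt" "$demo"
```

Packages the advisory lists but that are absent from the directory are skipped rather than failed, so a single-architecture download can be checked against the full list.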

