Sender: |
|
Date: |
Fri, 19 Jun 2009 13:22:42 -0500 |
MIME-version: |
1.0 |
Reply-To: |
|
Content-type: |
text/plain; format=flowed; charset=ISO-8859-1 |
Subject: |
|
From: |
|
Content-transfer-encoding: |
7BIT |
Comments: |
|
Parts/Attachments: |
|
|
Synopsis: Important: cyrus-imapd security update
Issue date: 2009-06-18
CVE Names: CVE-2009-0688
It was discovered that the Cyrus SASL library (cyrus-sasl) does not
always reliably terminate output from the sasl_encode64() function used
by programs using this library. The Cyrus IMAP server (cyrus-imapd)
relied on this function's output being properly terminated. Under
certain conditions, improperly terminated output from sasl_encode64()
could, potentially, cause cyrus-imapd to crash, disclose portions of its
memory, or lead to SASL authentication failures. (CVE-2009-0688)
After installing the update, cyrus-imapd will be restarted automatically.
SL 4.x
SRPMS:
cyrus-imapd-2.2.12-10.el4_8.1.src.rpm
i386:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm
x86_64:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm
SL 5.x
SRPMS:
cyrus-imapd-2.3.7-2.el5_3.2.src.rpm
i386:
cyrus-imapd-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.i386.rpm
x86_64:
cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|