 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 19 Jun 2009 13:22:42 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Important: cyrus-imapd security update
Issue date: 2009-06-18
CVE Names: CVE-2009-0688
It was discovered that the Cyrus SASL library (cyrus-sasl) does not
always reliably terminate output from the sasl_encode64() function used
by programs using this library. The Cyrus IMAP server (cyrus-imapd)
relied on this function's output being properly terminated. Under
certain conditions, improperly terminated output from sasl_encode64()
could, potentially, cause cyrus-imapd to crash, disclose portions of its
memory, or lead to SASL authentication failures. (CVE-2009-0688)
After installing the update, cyrus-imapd will be restarted automatically.
SL 4.x
SRPMS:
cyrus-imapd-2.2.12-10.el4_8.1.src.rpm
i386:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm
x86_64:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm
SL 5.x
SRPMS:
cyrus-imapd-2.3.7-2.el5_3.2.src.rpm
i386:
cyrus-imapd-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.i386.rpm
x86_64:
cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
