 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 25 Sep 2009 11:53:46 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Important: cyrus-imapd security update
Issue date: 2009-09-23
CVE Names: CVE-2009-2632 CVE-2009-3235
CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve
CVE-2009-3235 cyrus-impad: CMU sieve buffer overflows
Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve
implementation. An authenticated user able to create Sieve mail
filtering rules could use these flaws to execute arbitrary code with the
privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235)
After installing the update, cyrus-imapd will be restarted automatically.
SL 4.x
SRPMS:
cyrus-imapd-2.2.12-10.el4_8.4.src.rpm
i386:
cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm
perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm
x86_64:
cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm
SL 5.x
SRPMS:
cyrus-imapd-2.3.7-7.el5_4.3.src.rpm
i386:
cyrus-imapd-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_4.3.i386.rpm
x86_64:
cyrus-imapd-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-perl-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_4.3.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
