SCIENTIFIC-LINUX-ERRATA Archives

June 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: cyrus-imapd on SL4.x, SL5.x, SL6.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 8 Jun 2011 16:09:33 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (67 lines) 
Synopsis:    Moderate: cyrus-imapd security update
Issue Date:  2011-06-08
CVE Numbers: CVE-2011-1926

The cyrus-imapd packages contain a high-performance mail server with 
IMAP, POP3, NNTP, and Sieve support.

It was discovered that cyrus-imapd did not flush the received commands
buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3
sessions. A man-in-the-middle attacker could use this flaw to inject
protocol commands into a victim's TLS session initialization messages. 
This could lead to those commands being processed by cyrus-imapd, 
potentially allowing the attacker to steal the victim's mail or 
authentication credentials. (CVE-2011-1926)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the update, cyrus-imapd will be restarted automatically.

SL4:
   i386
      cyrus-imapd-2.2.12-15.el4.i386.rpm
      cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
      cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
      cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
      perl-Cyrus-2.2.12-15.el4.i386.rpm
      cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
      cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
   x86_64
      cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
      cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
      perl-Cyrus-2.2.12-15.el4.x86_64.rpm
      cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
      cyrus-imapd-2.2.12-15.el4.x86_64.rpm
      cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
      cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
SL5:
   i386
      cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm
      cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
      cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
      cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
      cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
   x86_64
      cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm
      cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm
      cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm
      cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
      cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
      cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.x86_64.rpm
      cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
SL6:
   i386
      cyrus-imapd-utils-2.3.16-6.el6_1.2.i686.rpm
      cyrus-imapd-2.3.16-6.el6_1.2.i686.rpm
      cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm
      cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
   x86_64
      cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
      cyrus-imapd-2.3.16-6.el6_1.2.x86_64.rpm
      cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm
      cyrus-imapd-utils-2.3.16-6.el6_1.2.x86_64.rpm
      cyrus-imapd-devel-2.3.16-6.el6_1.2.x86_64.rpm
      cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2