Subject: | |
From: | |
Reply To: | |
Date: | Wed, 8 Jun 2011 16:09:33 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: cyrus-imapd security update
Issue Date: 2011-06-08
CVE Numbers: CVE-2011-1926
The cyrus-imapd packages contain a high-performance mail server with
IMAP, POP3, NNTP, and Sieve support.
It was discovered that cyrus-imapd did not flush the received commands
buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3
sessions. A man-in-the-middle attacker could use this flaw to inject
protocol commands into a victim's TLS session initialization messages.
This could lead to those commands being processed by cyrus-imapd,
potentially allowing the attacker to steal the victim's mail or
authentication credentials. (CVE-2011-1926)
Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the update, cyrus-imapd will be restarted automatically.
SL4:
i386
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
x86_64
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
SL5:
i386
cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
x86_64
cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
SL6:
i386
cyrus-imapd-utils-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
x86_64
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm
- Scientific Linux Development Team
|
|
|