Synopsis:	Important: cyrus-imapd security update
Issue date:	2009-06-18
CVE Names:	CVE-2009-0688

It was discovered that the Cyrus SASL library (cyrus-sasl) does not 
always reliably terminate output from the sasl_encode64() function used 
by programs using this library. The Cyrus IMAP server (cyrus-imapd) 
relied on this function's output being properly terminated. Under 
certain conditions, improperly terminated output from sasl_encode64() 
could, potentially, cause cyrus-imapd to crash, disclose portions of its 
memory, or lead to SASL authentication failures. (CVE-2009-0688)

After installing the update, cyrus-imapd will be restarted automatically.
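
The termination problem described above, as an added example that is not code from cyrus-sasl, cyrus-imapd or this advisory: a caller that treats encoder output as a C string picks up whatever the buffer held before, while a caller that reserves a byte and terminates by the reported length does not. The functions encode64_raw, encode64_terminated and stale_bytes_after_raw are hypothetical names, and the encoder is a stand-in that never writes a NUL.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in (not cyrus-sasl code): base64-encodes in[] into
 * out[], reports the length in *outlen, and never writes a NUL, to model
 * the unreliable termination the advisory describes. */
static int encode64_raw(const unsigned char *in, size_t inlen,
                        char *out, size_t outmax, size_t *outlen)
{
    static const char tab[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                              "abcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need = 4 * ((inlen + 2) / 3), o = 0, i;
    if (outmax < need) return -1;
    for (i = 0; i < inlen; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < inlen) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < inlen) v |= in[i + 2];
        out[o++] = tab[(v >> 18) & 63];
        out[o++] = tab[(v >> 12) & 63];
        out[o++] = (i + 1 < inlen) ? tab[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < inlen) ? tab[v & 63] : '=';
    }
    *outlen = o;
    return 0;
}

/* Caller-side defence: reserve one byte for the NUL, trust only the
 * reported length, and terminate explicitly before any string use. */
int encode64_terminated(const unsigned char *in, size_t inlen,
                        char *out, size_t outmax, size_t *outlen)
{
    size_t n = 0;
    if (outmax == 0 || encode64_raw(in, inlen, out, outmax - 1, &n) != 0)
        return -1;                  /* no room for data plus terminator */
    out[n] = '\0';
    if (outlen) *outlen = n;
    return 0;
}

/* With constructed stale contents in the buffer, count the bytes a
 * strlen()-based reader would pick up past the encoded text. */
size_t stale_bytes_after_raw(void)
{
    char buf[32];
    size_t n = 0;
    memset(buf, 'S', sizeof buf - 1);       /* constructed old data */
    buf[sizeof buf - 1] = '\0';             /* keeps strlen() in bounds */
    encode64_raw((const unsigned char *)"user", 4, buf, sizeof buf, &n);
    return strlen(buf) - n;
}
```

An output buffer that exactly fits the encoded text is rejected by the wrapper rather than returned unterminated.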

SL 4.x

      SRPMS:
cyrus-imapd-2.2.12-10.el4_8.1.src.rpm
      i386:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm
      x86_64:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm

SL 5.x

      SRPMS:
cyrus-imapd-2.3.7-2.el5_3.2.src.rpm
      i386:
cyrus-imapd-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.i386.rpm
      x86_64:
cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson