Synopsis:	Important: cyrus-imapd security update
Issue date:	2009-09-23
CVE Names:	CVE-2009-2632 CVE-2009-3235

CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve
CVE-2009-3235 cyrus-imapd: CMU sieve buffer overflows

Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve
implementation. An authenticated user able to create Sieve mail 
filtering rules could use these flaws to execute arbitrary code with the 
privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235)

After installing the update, cyrus-imapd will be restarted automatically.

SL 4.x

       SRPMS:
cyrus-imapd-2.2.12-10.el4_8.4.src.rpm
       i386:
cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm
perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm
       x86_64:
cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm

SL 5.x

       SRPMS:
cyrus-imapd-2.3.7-7.el5_4.3.src.rpm
       i386:
cyrus-imapd-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_4.3.i386.rpm
       x86_64:
cyrus-imapd-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-perl-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_4.3.x86_64.rpm

-Connie Sieh
-Troy Dawson