drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in cyrus-imapd
Name: |
Pufferüberlauf in cyrus-imapd |
|
ID: |
MDVSA-2009:229-1 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva 2008.0 |
|
Datum: |
Sa, 5. Dezember 2009, 16:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632 |
|
Applikationen: |
Cyrus IMAP Server |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1260028470-24326-1659
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:229-1 http://www.mandriva.com/security/ _______________________________________________________________________
Package : cyrus-imapd Date : December 5, 2009 Affected: 2008.0 _______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in cyrus-imapd: Buffer overflow in the SIEVE script component (sieve/script.c) in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error (CVE-2009-2632). This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632 _______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0: 3624587d9792be346e43e89fdefca08f 2008.0/i586/cyrus-imapd-2.3.8-4.1mdv2008.0.i586.rpm 964fdf726329871c4cce92f11da00692 2008.0/i586/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.i586.rpm 5fd6c344a226014105f01cec643fc24f 2008.0/i586/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.i586.rpm 07ed14c27d7cbf32ca9fe1a16a244907 2008.0/i586/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.i586.rpm 8a0b889b937ea0e4bb20eeee82979c17 2008.0/i586/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.i586.rpm 86f444535a86d7fb3f608e2c7612df75 2008.0/i586/perl-Cyrus-2.3.8-4.1mdv2008.0.i586.rpm 5b9213e9db4ccc29efe4c5c389436aaf 2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: d6efe505d3695fc96ca96c6a1e43b01a 2008.0/x86_64/cyrus-imapd-2.3.8-4.1mdv2008.0.x86_64.rpm 08759474f31a25d5b48179cabccc873e 2008.0/x86_64/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.x86_64.rpm 029231ca655d20e016146f1b5988f4c8 2008.0/x86_64/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.x86_64.rpm 1573bb824fa3d2747b7bf5ed64034ba8 2008.0/x86_64/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.x86_64.rpm ff36f2669c5007afc4b232ac9ed59d83 2008.0/x86_64/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.x86_64.rpm ff65dff0ef99b87e81b52a9e4946658f 2008.0/x86_64/perl-Cyrus-2.3.8-4.1mdv2008.0.x86_64.rpm 5b9213e9db4ccc29efe4c5c389436aaf 2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLGlX9mqjQ0CJFipgRAiZAAJ90vfOd0KH1OlBegEA29vg98+Ga5ACffAgl VP8ROOVBxJt907M/TP1pD2I= =VOgd -----END PGP SIGNATURE-----
------------=_1260028470-24326-1659 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1260028470-24326-1659--
|
|
|
|