Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in cyrus-imapd
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in cyrus-imapd
ID: MDVSA-2009:229-1
Distribution: Mandriva
Plattformen: Mandriva 2008.0
Datum: Sa, 5. Dezember 2009, 16:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
Applikationen: Cyrus IMAP Server

Originalnachricht

This is a multi-part message in MIME format...

------------=_1260028470-24326-1659


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:229-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : cyrus-imapd
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in cyrus-imapd:

Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
to execute arbitrary code and read or modify arbitrary messages via
a crafted SIEVE script, related to the incorrect use of the sizeof
operator for determining buffer length, combined with an integer
signedness error (CVE-2009-2632).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
3624587d9792be346e43e89fdefca08f
2008.0/i586/cyrus-imapd-2.3.8-4.1mdv2008.0.i586.rpm
964fdf726329871c4cce92f11da00692
2008.0/i586/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.i586.rpm
5fd6c344a226014105f01cec643fc24f
2008.0/i586/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.i586.rpm
07ed14c27d7cbf32ca9fe1a16a244907
2008.0/i586/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.i586.rpm
8a0b889b937ea0e4bb20eeee82979c17
2008.0/i586/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.i586.rpm
86f444535a86d7fb3f608e2c7612df75
2008.0/i586/perl-Cyrus-2.3.8-4.1mdv2008.0.i586.rpm
5b9213e9db4ccc29efe4c5c389436aaf
2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d6efe505d3695fc96ca96c6a1e43b01a
2008.0/x86_64/cyrus-imapd-2.3.8-4.1mdv2008.0.x86_64.rpm
08759474f31a25d5b48179cabccc873e
2008.0/x86_64/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.x86_64.rpm
029231ca655d20e016146f1b5988f4c8
2008.0/x86_64/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.x86_64.rpm
1573bb824fa3d2747b7bf5ed64034ba8
2008.0/x86_64/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.x86_64.rpm
ff36f2669c5007afc4b232ac9ed59d83
2008.0/x86_64/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.x86_64.rpm
ff65dff0ef99b87e81b52a9e4946658f
2008.0/x86_64/perl-Cyrus-2.3.8-4.1mdv2008.0.x86_64.rpm
5b9213e9db4ccc29efe4c5c389436aaf
2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGlX9mqjQ0CJFipgRAiZAAJ90vfOd0KH1OlBegEA29vg98+Ga5ACffAgl
VP8ROOVBxJt907M/TP1pD2I=
=VOgd
-----END PGP SIGNATURE-----


------------=_1260028470-24326-1659
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1260028470-24326-1659--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung