Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Gentoo: GLSA-201110-16 High: Cyrus IMAP Server Remote Risks

gentoo
Calendar Grey October 22, 2011
Dist Gentoo Esm H88
Cyrus IMAP Service on Gentoo encounters critical vulnerabilities. Immediate upgrade advised to mitigate risks of potential remote exploitation.
The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a Denial of Service

Summary

Multiple vulnerabilities have been discovered in the Cyrus IMAP Server. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory high severity remote execution Denial of Service Gentoo Linux Cyrus IMAP Server

Resolution

All Cyrus IMAP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.4.12"

References

[ 1 ] CVE-2009-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2632 [ 2 ] CVE-2011-3208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3208 [ 3 ] CVE-2011-3481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3481

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201110-16
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: Cyrus IMAP Server: Multiple vulnerabilities
Date: October 22, 2011
Bugs: #283596, #382349, #385729
ID: 201110-16

Topics%20covered

Topics Covered

security advisory high severity remote execution Denial of Service Gentoo Linux Cyrus IMAP Server

Synopsis

The Cyrus IMAP Server is affected by multiple vulnerabilities which could potentially lead to the remote execution of arbitrary code or a Denial of Service.

Background

The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/cyrus-imapd < 2.4.12 >= 2.4.12

Impact

===== An unauthenticated local or remote attacker may be able to execute arbitrary code with the privileges of the Cyrus IMAP Server process or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Related News

Your message here