SciLinux: CVE-2009-0688 Important: cyrus-imapd SL4.x, SL5.x i386/x86_64
Summary
Date: Fri, 19 Jun 2009 13:22:42 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Important: cyrus-imapd on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Important: cyrus-imapd security update
Issue date: 2009-06-18
CVE Names: CVE-2009-0688

It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function's output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. (CVE-2009-0688)

After installing the update, cyrus-imapd will be restarted automatically.

SL 4.x

  SRPMS:
cyrus-imapd-2.2.12-10.el4_8.1.src.rpm

  i386:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm

  x86_64:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm

SL 5.x

  SRPMS:
cyrus-imapd-2.3.7-2.el5_3.2.src.rpm

  i386:
cyrus-imapd-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.i386.rpm

  x86_64:
cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson
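
The failure mode described in the advisory (a caller trusting an encoder to terminate its output) can be shown with a small added example; this is not cyrus-sasl or cyrus-imapd code. demo_encode64() is a constructed stand-in, and its trigger (output that exactly fills the buffer) is an assumption of this example, not a detail stated in the advisory. The wrapper shows the caller-side habit that removes the dependency: reserve a byte and terminate at the reported length.

```c
#include <string.h>

/* Constructed stand-in for a base64 encoder with the failure mode the
 * advisory describes: it writes the NUL terminator only when spare room is
 * left, yet still reports success on an exact fit. NOT the cyrus-sasl source. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

int demo_encode64(const unsigned char *in, unsigned inlen,
                  char *out, unsigned outmax, unsigned *outlen)
{
    unsigned need = ((inlen + 2) / 3) * 4, o = 0;
    if (outmax < need) return -1;
    for (unsigned i = 0; i < inlen; i += 3) {
        unsigned rem = inlen - i;
        unsigned v = (unsigned)in[i] << 16;
        if (rem > 1) v |= (unsigned)in[i + 1] << 8;
        if (rem > 2) v |= in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = rem > 1 ? B64[(v >> 6) & 63] : '=';
        out[o++] = rem > 2 ? B64[v & 63] : '=';
    }
    if (o < outmax) out[o] = '\0';  /* terminator silently skipped on exact fit */
    *outlen = o;
    return 0;
}

/* Hardened caller: hide one byte of the buffer from the encoder, then
 * terminate at the reported length instead of trusting the encoder. */
int encode64_terminated(const unsigned char *in, unsigned inlen,
                        char *out, unsigned outsize, unsigned *outlen)
{
    if (outsize == 0) return -1;
    if (demo_encode64(in, inlen, out, outsize - 1, outlen) != 0) return -1;
    out[*outlen] = '\0';
    return 0;
}

/* Returns 1 if buf[0..size) contains a NUL, i.e. string functions such as
 * strlen() or printf("%s") would stop inside the buffer. */
int is_terminated(const char *buf, unsigned size)
{
    return memchr(buf, '\0', size) != NULL;
}
```

A caller that passes an unterminated buffer to strlen() or a "%s" format reads past its end, which is how the crash and memory-disclosure outcomes listed in the advisory can arise.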