What Are You Looking For?

Sign Up
Date:         Fri, 19 Jun 2009 13:22:42 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: cyrus-imapd on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: cyrus-imapd security update
Issue date:	2009-06-18
CVE Names:	CVE-2009-0688

It was discovered that the Cyrus SASL library (cyrus-sasl) does not 
always reliably terminate output from the sasl_encode64() function used 
by programs using this library. The Cyrus IMAP server (cyrus-imapd) 
relied on this function's output being properly terminated. Under 
certain conditions, improperly terminated output from sasl_encode64() 
could, potentially, cause cyrus-imapd to crash, disclose portions of its 
memory, or lead to SASL authentication failures. (CVE-2009-0688)

After installing the update, cyrus-imapd will be restarted automatically.

SL 4.x

      SRPMS:
cyrus-imapd-2.2.12-10.el4_8.1.src.rpm
      i386:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm
      x86_64:
cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm

SL 5.x

      SRPMS:
cyrus-imapd-2.3.7-2.el5_3.2.src.rpm
      i386:
cyrus-imapd-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.i386.rpm
      x86_64:
cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpm
cyrus-imapd-devel-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-perl-2.3.7-2.el5_3.2.x86_64.rpm
cyrus-imapd-utils-2.3.7-2.el5_3.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0688 Important: cyrus-imapd SL4.x, SL5.x i386/x86_64

Important: cyrus-imapd security update

Summary

Date:         Fri, 19 Jun 2009 13:22:42 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Important: cyrus-imapd on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Important: cyrus-imapd security updateIssue date:	2009-06-18CVE Names:	CVE-2009-0688It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function's output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. (CVE-2009-0688)After installing the update, cyrus-imapd will be restarted automatically.SL 4.x      SRPMS:cyrus-imapd-2.2.12-10.el4_8.1.src.rpm      i386:cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpmperl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpm      x86_64:cyrus-imapd-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-devel-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-murder-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpmcyrus-imapd-utils-2.2.12-10.el4_8.1.x86_64.rpmperl-Cyrus-2.2.12-10.el4_8.1.x86_64.rpmSL 5.x      SRPMS:cyrus-imapd-2.3.7-2.el5_3.2.src.rpm      i386:cyrus-imapd-2.3.7-2.el5_3.2.i386.rpmcyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpmcyrus-imapd-perl-2.3.7-2.el5_3.2.i386.rpmcyrus-imapd-utils-2.3.7-2.el5_3.2.i386.rpm      x86_64:cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpmcyrus-imapd-devel-2.3.7-2.el5_3.2.i386.rpmcyrus-imapd-devel-2.3.7-2.el5_3.2.x86_64.rpmcyrus-imapd-perl-2.3.7-2.el5_3.2.x86_64.rpmcyrus-imapd-utils-2.3.7-2.el5_3.2.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo