Date:         Fri, 25 Sep 2009 11:53:46 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: cyrus-imapd on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: cyrus-imapd security update
Issue date:	2009-09-23
CVE Names:	CVE-2009-2632 CVE-2009-3235

CVE-2009-2632 cyrus-imapd: buffer overflow in cyrus sieve
CVE-2009-3235 cyrus-imapd: CMU sieve buffer overflows

Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve
implementation. An authenticated user able to create Sieve mail 
filtering rules could use these flaws to execute arbitrary code with the 
privileges of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235)

After installing the update, cyrus-imapd will be restarted automatically.

SL 4.x

       SRPMS:
cyrus-imapd-2.2.12-10.el4_8.4.src.rpm
       i386:
cyrus-imapd-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.i386.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.4.i386.rpm
perl-Cyrus-2.2.12-10.el4_8.4.i386.rpm
       x86_64:
cyrus-imapd-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-devel-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-murder-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-10.el4_8.4.x86_64.rpm
cyrus-imapd-utils-2.2.12-10.el4_8.4.x86_64.rpm
perl-Cyrus-2.2.12-10.el4_8.4.x86_64.rpm

SL 5.x

       SRPMS:
cyrus-imapd-2.3.7-7.el5_4.3.src.rpm
       i386:
cyrus-imapd-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_4.3.i386.rpm
       x86_64:
cyrus-imapd-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-perl-2.3.7-7.el5_4.3.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_4.3.x86_64.rpm

-Connie Sieh
-Troy Dawson
