-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  imapd (SSA:2005-310-06)

New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix (an alleged) security issue.  See the details
below for more information.  Also, new Pine packages are provided since
these are built together...  why not?  Might as well upgrade that too,
while I'm fixing the fake security problem.  :-)


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/


MD5 signatures:
+-------------+

Slackware 8.1 packages:
78d3d037b97f17c111072c5d4c38e9f2  imapd-4.64-i386-1.tgz
1c85ca280ccc67126bc6dc1dca975627  pine-4.64-i386-1.tgz

Slackware 9.0 packages:
b7441e48990c943a407e624297462bcf  imapd-4.64-i386-1.tgz
511f23cdfad804091c2cd19535049921  pine-4.64-i386-1.tgz

Slackware 9.1 packages:
7a2ad708d914c8b5a87bdeefa008c85b  imapd-4.64-i486-1.tgz
2b9d497ab55f4d3ffaf5f9e14a4d8b7b  pine-4.64-i486-1.tgz

Slackware 10.0 packages:
87c82d442781a04cf0f9fd5e49e22732  imapd-4.64-i486-1.tgz
d311d9f79910d828511e5509de6215f2  pine-4.64-i486-1.tgz

Slackware 10.1 packages:
445d1414e92aaf236d277f09cff074ea  imapd-4.64-i486-1.tgz
ed694c28eae7fb967a510b8c71137ceb  pine-4.64-i486-1.tgz

Slackware 10.2 packages:
1e74b74199a891851347f05f77585c35  imapd-4.64-i486-1.tgz
874997ce55e5700854fcdd4b5c8cbe8d  pine-4.64-i486-1.tgz

Slackware -current packages:
874997ce55e5700854fcdd4b5c8cbe8d  pine-4.64-i486-1.tgz
1e74b74199a891851347f05f77585c35  imapd-4.64-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg pine-4.64-i486-1.tgz imapd-4.64-i486-1.tgz


+-----+

Slackware: 2005-310-06: imapd Security Update

November 6, 2005
New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix (an alleged) security issue

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64. A buffer overflow was reported in the mail_valid_net_parse_work function. However, this function in the c-client library does not appear to be called from anywhere in imapd. iDefense states that the issue is of LOW risk to sites that allow users shell access, and LOW-MODERATE risk to other servers. I believe it's possible that it is of NIL risk if the function is indeed dead code to imapd, but draw your own conclusions... (* Security fix *)

Where Find New Packages

Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/
Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/
Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/
Updated packages for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/
Updated packages for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/

MD5 Signatures

Slackware 8.1 packages: 78d3d037b97f17c111072c5d4c38e9f2 imapd-4.64-i386-1.tgz 1c85ca280ccc67126bc6dc1dca975627 pine-4.64-i386-1.tgz
Slackware 9.0 packages: b7441e48990c943a407e624297462bcf imapd-4.64-i386-1.tgz 511f23cdfad804091c2cd19535049921 pine-4.64-i386-1.tgz
Slackware 9.1 packages: 7a2ad708d914c8b5a87bdeefa008c85b imapd-4.64-i486-1.tgz 2b9d497ab55f4d3ffaf5f9e14a4d8b7b pine-4.64-i486-1.tgz
Slackware 10.0 packages: 87c82d442781a04cf0f9fd5e49e22732 imapd-4.64-i486-1.tgz d311d9f79910d828511e5509de6215f2 pine-4.64-i486-1.tgz
Slackware 10.1 packages: 445d1414e92aaf236d277f09cff074ea imapd-4.64-i486-1.tgz ed694c28eae7fb967a510b8c71137ceb pine-4.64-i486-1.tgz
Slackware 10.2 packages: 1e74b74199a891851347f05f77585c35 imapd-4.64-i486-1.tgz 874997ce55e5700854fcdd4b5c8cbe8d pine-4.64-i486-1.tgz
Slackware -current packages: 874997ce55e5700854fcdd4b5c8cbe8d pine-4.64-i486-1.tgz 1e74b74199a891851347f05f77585c35 imapd-4.64-i486-1.tgz

Severity
[slackware-security] imapd (SSA:2005-310-06)
New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix (an alleged) security issue. See the details below for more information. Also, new Pine packages are provided since these are built together... why not? Might as well upgrade that too, while I'm fixing the fake security problem. :-)

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg pine-4.64-i486-1.tgz imapd-4.64-i486-1.tgz

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved