Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Slackware 10.2 SSA:2005-310-06 Moderate: imapd Buffer Overflow Fix

slackware
Calendar Grey November 6, 2005
Dist Slackware Esm H88
Recent upgrades to imapd for Slackware address critical vulnerabilities in email processing. Immediate update advised.
New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix (an alleged) security issue

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/imapd-4.64-i486-1.tgz: Upgraded to imapd-4.64. A buffer overflow was reported in the mail_valid_net_parse_work function. However, this function in the c-client library does not appear to be called from anywhere in imapd. iDefense states that the issue is of LOW risk to sites that allow users shell access, and LOW-MODERATE risk to other servers. I believe it's possible that it is of NIL risk if the function is indeed dead code to imapd, but draw your own conclusions... (* Security fix *)

Topics%20covered

Topics Covered

security advisory buffer overflow security fix Slackware moderate risk email server imapd

Where Find New Packages

Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/
Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/
Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/
Updated packages for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/
Updated packages for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ ftp...

Read the Full Advisory

MD5 Signatures

Slackware 8.1 packages: 78d3d037b97f17c111072c5d4c38e9f2 imapd-4.64-i386-1.tgz 1c85ca280ccc67126bc6dc1dca975627 pine-4.64-i386-1.tgz
Slackware 9.0 packages: b7441e48990c943a407e624297462bcf imapd-4.64-i386-1.tgz 511f23cdfad804091c2cd19535049921 pine-4.64-i386-1.tgz
Slackware 9.1 packages: 7a2ad708d914c8b5a87bdeefa008c85b imapd-4.64-i486-1.tgz 2b9d497ab55f4d3ffaf5f9e14a4d8b7b pine-4.64-i486-1.tgz
Slackware 10.0 packages: 87c82d442781a04cf0f9fd5e49e22732 imapd-4.64-i486-1.tgz d311d9f79910d828511e5509de6215f2 pine-4.64-i486-1.tgz
Slackware 10.1 packages: 445d1414e92aaf236d277f09cff074ea imapd-4.64-i486-1.tgz ed694c28eae7fb967a510b8c71137ceb pine-4.64-i486-1.tgz
Slackware 10.2 packages: 1e74b74199a891851347f05f77585c35 imapd-4.64-i486-1.tgz 874997ce55e5700854fcdd4b5c8cbe8d pine-4.64-i486-1.tgz
Slackware -current packages: 874997ce55e5700854fcdd4b5c8cbe8d pine-4.64-i486-1.tgz 1e74b74199a891851347f05f77585c35 imapd-4.64-i486-1.tgz

Topics%20covered

Topics Covered

security advisory buffer overflow security fix Slackware moderate risk email server imapd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg pine-4.64-i486-1.tgz imapd-4.64-i486-1.tgz

Related News

Your message here