[Full-disclosure] [ MDVSA-2009:229 ] cyrus-imapd
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:229 ] cyrus-imapd
- From: security@xxxxxxxxxxxx
- Date: Fri, 11 Sep 2009 15:31:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:229
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cyrus-imapd
Date : September 11, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in cyrus-imapd:
Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
to execute arbitrary code and read or modify arbitrary messages via
a crafted SIEVE script, related to the incorrect use of the sizeof
operator for determining buffer length, combined with an integer
signedness error (CVE-2009-2632).
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKqiKumqjQ0CJFipgRAvuXAJ93upJUc1s4F6PPUITpGOugbg3sWQCgiehD
YoTVygN1iDQtN+w4PW+EDfI=
=5doF
-----END PGP SIGNATURE-----
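The bug class named in the Problem Description (sizeof used to determine a buffer length, combined with an integer signedness error), shown as an added example that is not the Cyrus IMAP source or Mandriva's patch. The names `flawed_limit`, `append_action` and `ACTIONS_CAP` and the sample string are constructed for illustration; the block computes the wrong limit without performing any out-of-bounds write, and pairs it with a bounded append.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ACTIONS_CAP 64  /* hypothetical capacity of the caller's buffer */

/* Flawed length: `actions` is a pointer here, so sizeof gives 4 or 8,
 * not ACTIONS_CAP. Once the string is longer than that, the unsigned
 * subtraction wraps to a huge "space left" value. */
size_t flawed_limit(const char *actions)
{
    return sizeof(actions) - strlen(actions);
}

/* Hardened append: capacity is passed explicitly and every step is
 * checked. Returns 0 on success, -1 if text does not fit (buf unchanged). */
int append_action(char *buf, size_t cap, const char *text)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)
        return -1;                      /* not terminated within cap */
    size_t used = (size_t)(nul - buf);
    size_t room = cap - used;           /* >= 1, cannot wrap */
    int n = snprintf(buf + used, room, "%s", text);
    if (n < 0 || (size_t)n >= room) {
        buf[used] = '\0';               /* undo the truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[ACTIONS_CAP] = "fileinto INBOX.lists"; /* constructed sample */
    printf("real capacity : %zu\n", sizeof buf);
    printf("flawed limit  : %zu\n", flawed_limit(buf));
    printf("append result : %d -> \"%s\"\n",
           append_action(buf, sizeof buf, "; keep"), buf);
    return 0;
}
```

A limit like the flawed one, passed to a bounded formatting call, no longer bounds anything, which is why the capacity has to travel with the pointer.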