Security Advisory Moderate: imap security update

Advisory: RHSA-2009:0275-5
Type: Security Advisory
Severity: Moderate
Issued on: 2009-02-19
Last updated on: 2009-02-19
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: com.redhat.rhsa-20090275.xml
CVEs (cve.mitre.org): CVE-2008-5005

Details

Updated imap packages that fix a security issue are now available for Red Hat
Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A buffer overflow flaw was discovered in the dmail and tmail mail delivery
utilities shipped with imap. If either of these utilities was used as a
mail delivery agent, a remote attacker could potentially use this flaw to
run arbitrary code as the targeted user by sending a specially crafted mail
message to the victim. (CVE-2008-5005)

Users of imap should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
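
The exposure condition described above is that dmail or tmail is used as a mail delivery agent. The following added example, which is not part of the Red Hat advisory, lists non-comment configuration lines that invoke either utility. The sample file contents and the binary path in the demo are constructed; on a real host, pass your own MTA and procmail configuration files as arguments.

```shell
#!/bin/sh
# Added example (not from the advisory): list configuration lines that invoke
# dmail or tmail, i.e. the condition under which CVE-2008-5005 is reachable.

# Whole-word match so that "sendmail" and "hotmail" (which contain "dmail" and
# "tmail") do not count; a leading path such as /usr/sbin/tmail still matches.
MDA_PATTERN='(^|[^[:alnum:]_.-])(dmail|tmail)([^[:alnum:]_.-]|$)'

# find_mda_refs FILE...
# Prints "file:lineno:text" for each non-comment hit.
# Returns 0 if at least one reference was found, 1 if none.
find_mda_refs() (
    status=1
    for f in "$@"; do
        [ -r "$f" ] || continue          # absent or unreadable: skip
        # grep -n prefixes "lineno:", so a comment line looks like "12:  # ..."
        hits=$(grep -nE "$MDA_PATTERN" "$f" \
               | grep -vE '^[0-9]+:[[:space:]]*#' || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while IFS= read -r line; do
                printf '%s:%s\n' "$f" "$line"
            done
            status=0
        fi
    done
    exit "$status"
)

# Stand-alone demo on constructed files (not real system configuration).
demo_dir=$(mktemp -d)
cat > "$demo_dir/procmailrc" <<'EOF'
# old recipe used dmail
:0
| /usr/bin/dmail +lists
EOF
cat > "$demo_dir/sendmail.cf" <<'EOF'
O QueueDirectory=/var/spool/mqueue-sendmail
CRhotmail.example
EOF
find_mda_refs "$demo_dir/procmailrc" "$demo_dir/sendmail.cf"
rm -rf "$demo_dir"
```

A hit means the host delivers mail through the affected utilities and should be prioritised for the update; no hit in the files you passed does not cover per-user files such as `.forward` or `.procmailrc` unless you include them.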


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
imap-2002d-15.src.rpm     f001ccd928f87638ef8b241449720e94
 
IA-32:
imap-2002d-15.i386.rpm     ef5bd68ba96ada2b05a278dafedc8ab7
imap-devel-2002d-15.i386.rpm     05729082bcca3f07068ae81a05236441
imap-utils-2002d-15.i386.rpm     06bd7e921092c47b2e93ff5e3057f721
 
x86_64:
imap-2002d-15.x86_64.rpm     71345ece8b8ab8422f7aee4ce5239a55
imap-devel-2002d-15.x86_64.rpm     502b4091f98c53ff5ce5fef62d326b8e
imap-utils-2002d-15.x86_64.rpm     19a013e74f7ff521ad43e6eddb54eb96
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
imap-2002d-15.src.rpm     f001ccd928f87638ef8b241449720e94
 
IA-32:
imap-2002d-15.i386.rpm     ef5bd68ba96ada2b05a278dafedc8ab7
imap-devel-2002d-15.i386.rpm     05729082bcca3f07068ae81a05236441
imap-utils-2002d-15.i386.rpm     06bd7e921092c47b2e93ff5e3057f721
 
IA-64:
imap-2002d-15.ia64.rpm     ad0c0f423062b1dc55fc513a59f0ecf4
imap-devel-2002d-15.ia64.rpm     c3e499d478c5f5bfb726d086d6026817
imap-utils-2002d-15.ia64.rpm     c22b041ad03ed725a10fe94c7a10aeaa
 
PPC:
imap-2002d-15.ppc.rpm     bab3757d18fae2c2d5769b8fc0f7acd2
imap-devel-2002d-15.ppc.rpm     c922293b70228bd69cc02ef8e8742d79
imap-utils-2002d-15.ppc.rpm     70e9322e3ad69c4acfd3a7154b0aef48
 
s390:
imap-2002d-15.s390.rpm     8c68dbb8704eeb986f252ee47a42d8c2
imap-devel-2002d-15.s390.rpm     03f3eb033d9f0cb5c47e7119b882b95d
imap-utils-2002d-15.s390.rpm     a810fd79c40c97247e832dccab30be73
 
s390x:
imap-2002d-15.s390x.rpm     8e22d9c3e1b92e4c42b390be0c0e449f
imap-devel-2002d-15.s390x.rpm     18e0c64ead6fab12054905aaa02c0cc7
imap-utils-2002d-15.s390x.rpm     c58b2138c64792aaecb682c5c01a1b83
 
x86_64:
imap-2002d-15.x86_64.rpm     71345ece8b8ab8422f7aee4ce5239a55
imap-devel-2002d-15.x86_64.rpm     502b4091f98c53ff5ce5fef62d326b8e
imap-utils-2002d-15.x86_64.rpm     19a013e74f7ff521ad43e6eddb54eb96
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
imap-2002d-15.src.rpm     f001ccd928f87638ef8b241449720e94
 
IA-32:
imap-2002d-15.i386.rpm     ef5bd68ba96ada2b05a278dafedc8ab7
imap-devel-2002d-15.i386.rpm     05729082bcca3f07068ae81a05236441
imap-utils-2002d-15.i386.rpm     06bd7e921092c47b2e93ff5e3057f721
 
IA-64:
imap-2002d-15.ia64.rpm     ad0c0f423062b1dc55fc513a59f0ecf4
imap-devel-2002d-15.ia64.rpm     c3e499d478c5f5bfb726d086d6026817
imap-utils-2002d-15.ia64.rpm     c22b041ad03ed725a10fe94c7a10aeaa
 
x86_64:
imap-2002d-15.x86_64.rpm     71345ece8b8ab8422f7aee4ce5239a55
imap-devel-2002d-15.x86_64.rpm     502b4091f98c53ff5ce5fef62d326b8e
imap-utils-2002d-15.x86_64.rpm     19a013e74f7ff521ad43e6eddb54eb96
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
imap-2002d-15.src.rpm     f001ccd928f87638ef8b241449720e94
 
IA-32:
imap-2002d-15.i386.rpm     ef5bd68ba96ada2b05a278dafedc8ab7
imap-devel-2002d-15.i386.rpm     05729082bcca3f07068ae81a05236441
imap-utils-2002d-15.i386.rpm     06bd7e921092c47b2e93ff5e3057f721
 
IA-64:
imap-2002d-15.ia64.rpm     ad0c0f423062b1dc55fc513a59f0ecf4
imap-devel-2002d-15.ia64.rpm     c3e499d478c5f5bfb726d086d6026817
imap-utils-2002d-15.ia64.rpm     c22b041ad03ed725a10fe94c7a10aeaa
 
x86_64:
imap-2002d-15.x86_64.rpm     71345ece8b8ab8422f7aee4ce5239a55
imap-devel-2002d-15.x86_64.rpm     502b4091f98c53ff5ce5fef62d326b8e
imap-utils-2002d-15.x86_64.rpm     19a013e74f7ff521ad43e6eddb54eb96
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

469667 - CVE-2008-5005 uw-imap: buffer overflow in dmail and tmail


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/