Skip to navigation

Security Advisory cyrus-imapd security update

Advisory: RHSA-2005:408-04
Type: Security Advisory
Severity: Moderate
Issued on: 2005-05-17
Last updated on: 2005-05-17
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0546

Details

Updated cyrus-imapd packages that fix several buffer overflow security
issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The cyrus-imapd package contains the core of the Cyrus IMAP server.

Several buffer overflow bugs were found in cyrus-imapd. It is possible that
an authenticated malicious user could cause the imap server to crash.
Additionally, a peer news admin could potentially execute arbitrary code on
the imap server when news is received using the fetchnews command. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0546 to this issue.

Users of cyrus-imapd are advised to upgrade to these updated packages, which
contain cyrus-imapd version 2.2.12 to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4b3fa71b394dbd0e8c87a29c5a56b286
 
IA-32:
cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 68c478ca17ecb402c8d6044a08fbbf97
cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: b0e73a633a3f420cb7c1b3201bbb6ab4
cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0b417a838fde38c48e118bbae7adb5de
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 60d37f09e9b5db67a90b26d899eef10e
cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 125973b27ff9c214fdcade6adfbbab4c
perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: adf11c07b7572a803fba0694b10a9bf3
 
x86_64:
cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 66c83d5825b3487300365d4d5d6f65f9
cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: bae570996e911c09e130cfafbd006ae7
cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: a665893a93037f024419f31b0647d684
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 723ffd10890a8c6ca91496a3d0f66511
cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 03b502fd34bc8a1c3bcfcc4d7b987dfb
perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: f785bfaab819a7fba7ecee0313c85dba
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4b3fa71b394dbd0e8c87a29c5a56b286
 
IA-32:
cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 68c478ca17ecb402c8d6044a08fbbf97
cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: b0e73a633a3f420cb7c1b3201bbb6ab4
cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0b417a838fde38c48e118bbae7adb5de
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 60d37f09e9b5db67a90b26d899eef10e
cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 125973b27ff9c214fdcade6adfbbab4c
perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: adf11c07b7572a803fba0694b10a9bf3
 
IA-64:
cyrus-imapd-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 47e38551bf642b9f3c950e4d73014963
cyrus-imapd-devel-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4c7ca20e0b41290767236bc7cebced40
cyrus-imapd-murder-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 892adc82d6b337d5b838de06b31f6005
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 2d15fe37eaa0e6e82294b2fb4448824c
cyrus-imapd-utils-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: e7d894fce5d9dfe8f17fcdbbd80280ee
perl-Cyrus-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0d5ce4154308b7ad7796c9517c1b6fcd
 
PPC:
cyrus-imapd-2.2.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0cf0e912e3d10a013f875ca75f6ed117
cyrus-imapd-devel-2.2.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2011:1508
    MD5: 76e6a47a7b15caf6bdf770d8c8e9ceb2
cyrus-imapd-murder-2.2.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2011:1508
    MD5: c70639b4245a12ccc5d7d81cbe8a8262
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2011:1508
    MD5: 9aa309aef2579944259cb7ffe8245488
cyrus-imapd-utils-2.2.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2011:1508
    MD5: f1c85a497a0e80e1ceaa146b2e78a742
perl-Cyrus-2.2.12-3.RHEL4.1.ppc.rpm
File outdated by:  RHSA-2011:1508
    MD5: cc16c62094b302d9411f3be1ee38ab09
 
s390:
cyrus-imapd-2.2.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2011:1508
    MD5: f7dc2f55144bb5f4fc608811f80323a0
cyrus-imapd-devel-2.2.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2011:1508
    MD5: f1b97671e20f3af01272f848b42f254e
cyrus-imapd-murder-2.2.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2011:1508
    MD5: 00103a5a070125fd21b8e474bf321ec1
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2011:1508
    MD5: e49e2d04a077d8f7478eb0f0d43fe91e
cyrus-imapd-utils-2.2.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0918d048e49457ece8c2e772a0ff2a2b
perl-Cyrus-2.2.12-3.RHEL4.1.s390.rpm
File outdated by:  RHSA-2011:1508
    MD5: 9dcb24d38c2bc3f5506a742e526f2ebc
 
s390x:
cyrus-imapd-2.2.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2011:1508
    MD5: 45b6b8d9c21885c76263dc59b3b8e612
cyrus-imapd-devel-2.2.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2011:1508
    MD5: 624f870b32646960b4b02b0b38395f0c
cyrus-imapd-murder-2.2.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2011:1508
    MD5: 3785bb0f2410fbecdd19b0c4d006ad19
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2011:1508
    MD5: 3b5acbdc0b46d079e033ecb1c7f5702c
cyrus-imapd-utils-2.2.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2011:1508
    MD5: 27a4e0d1eb725896dad32f01bd29ed58
perl-Cyrus-2.2.12-3.RHEL4.1.s390x.rpm
File outdated by:  RHSA-2011:1508
    MD5: 2f229a87ffcf945db5fece6ef5f1882b
 
x86_64:
cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 66c83d5825b3487300365d4d5d6f65f9
cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: bae570996e911c09e130cfafbd006ae7
cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: a665893a93037f024419f31b0647d684
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 723ffd10890a8c6ca91496a3d0f66511
cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 03b502fd34bc8a1c3bcfcc4d7b987dfb
perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: f785bfaab819a7fba7ecee0313c85dba
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4b3fa71b394dbd0e8c87a29c5a56b286
 
IA-32:
cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 68c478ca17ecb402c8d6044a08fbbf97
cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: b0e73a633a3f420cb7c1b3201bbb6ab4
cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0b417a838fde38c48e118bbae7adb5de
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 60d37f09e9b5db67a90b26d899eef10e
cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 125973b27ff9c214fdcade6adfbbab4c
perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: adf11c07b7572a803fba0694b10a9bf3
 
IA-64:
cyrus-imapd-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 47e38551bf642b9f3c950e4d73014963
cyrus-imapd-devel-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4c7ca20e0b41290767236bc7cebced40
cyrus-imapd-murder-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 892adc82d6b337d5b838de06b31f6005
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 2d15fe37eaa0e6e82294b2fb4448824c
cyrus-imapd-utils-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: e7d894fce5d9dfe8f17fcdbbd80280ee
perl-Cyrus-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0d5ce4154308b7ad7796c9517c1b6fcd
 
x86_64:
cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 66c83d5825b3487300365d4d5d6f65f9
cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: bae570996e911c09e130cfafbd006ae7
cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: a665893a93037f024419f31b0647d684
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 723ffd10890a8c6ca91496a3d0f66511
cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 03b502fd34bc8a1c3bcfcc4d7b987dfb
perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: f785bfaab819a7fba7ecee0313c85dba
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
cyrus-imapd-2.2.12-3.RHEL4.1.src.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4b3fa71b394dbd0e8c87a29c5a56b286
 
IA-32:
cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 68c478ca17ecb402c8d6044a08fbbf97
cyrus-imapd-devel-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: b0e73a633a3f420cb7c1b3201bbb6ab4
cyrus-imapd-murder-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0b417a838fde38c48e118bbae7adb5de
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 60d37f09e9b5db67a90b26d899eef10e
cyrus-imapd-utils-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: 125973b27ff9c214fdcade6adfbbab4c
perl-Cyrus-2.2.12-3.RHEL4.1.i386.rpm
File outdated by:  RHSA-2011:1508
    MD5: adf11c07b7572a803fba0694b10a9bf3
 
IA-64:
cyrus-imapd-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 47e38551bf642b9f3c950e4d73014963
cyrus-imapd-devel-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 4c7ca20e0b41290767236bc7cebced40
cyrus-imapd-murder-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 892adc82d6b337d5b838de06b31f6005
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 2d15fe37eaa0e6e82294b2fb4448824c
cyrus-imapd-utils-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: e7d894fce5d9dfe8f17fcdbbd80280ee
perl-Cyrus-2.2.12-3.RHEL4.1.ia64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 0d5ce4154308b7ad7796c9517c1b6fcd
 
x86_64:
cyrus-imapd-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 66c83d5825b3487300365d4d5d6f65f9
cyrus-imapd-devel-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: bae570996e911c09e130cfafbd006ae7
cyrus-imapd-murder-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: a665893a93037f024419f31b0647d684
cyrus-imapd-nntp-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 723ffd10890a8c6ca91496a3d0f66511
cyrus-imapd-utils-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: 03b502fd34bc8a1c3bcfcc4d7b987dfb
perl-Cyrus-2.2.12-3.RHEL4.1.x86_64.rpm
File outdated by:  RHSA-2011:1508
    MD5: f785bfaab819a7fba7ecee0313c85dba
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

149869 - CAN-2005-0546 multiple buffer overflows in cyrus-imapd


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/