OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org          Name:   Ralf S. Engelschall
Root:   /v/openpkg/cvs           Email:  [EMAIL PROTECTED]
Module: openpkg-web              Date:   05-Apr-2005 16:43:08
Branch: HEAD                     Handle: 2005040515430800
Modified files:
openpkg-web/security OpenPKG-SA-2005.005-imapd.txt
Log:
release OpenPKG Security Advisory 2005.005 (imapd)
Summary:
Revision  Changes  Path
1.4       +22 -17  openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt
============================================================================
$ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2005.005-imapd.txt
--- openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt 30 Mar 2005
14:36:48 -0000 1.3
+++ openpkg-web/security/OpenPKG-SA-2005.005-imapd.txt 5 Apr 2005
14:43:08 -0000 1.4
@@ -1,9 +1,12 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
-OpenPKG-SA-2005.005 30-Mar-2005
+OpenPKG-SA-2005.005 05-Apr-2005
________________________________________________________________________
Package: imapd
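Review bot: The added "Hash: SHA1" clearsign header means the advisory's signature depends on a SHA-1 digest of the text, and SHA-1 is no longer considered collision resistant. If this advisory is ever re-signed or re-issued, use a SHA-2 digest. Separately, the header date moves from 30-Mar-2005 to 05-Apr-2005 in the same revision that changes the body, so it is worth confirming that all text edits in this commit were made before signing, since any later edit to the file invalidates the signature.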
@@ -14,14 +17,12 @@
OpenPKG CURRENT <= imapd-2.2.10-20050129 >= imapd-2.2.11-20050214
OpenPKG 2.2 <= imapd-2.2.8-2.2.1 >= imapd-2.2.8-2.2.2
-Affected Releases: Dependent Packages:
-OpenPKG CURRENT kolab, squirrelmail
-OpenPKG 2.2 kolab
+Dependent Packages: none
Description:
Sean Larsson discovered several vulnerabilities in the Cyrus IMAP
- Server [0] that could allow a remote attacker to execute machine
- code in the context of the server process.
+ Server [0] that could allow a remote attacker to execute machine code
+ in the context of the server process.
The Cyrus Electronic Messaging Project identified the affected
server logic and released a security advisory [1]. Essentially,
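Review bot: "Dependent Packages: none" replaces the per-release entries (kolab, squirrelmail for CURRENT; kolab for 2.2) without any stated reason; the log message says only "release OpenPKG Security Advisory 2005.005 (imapd)". Anyone who saw revision 1.3 was told to rebuild those packages, so the log or the advisory text should say why they are no longer considered dependent. The replacement also drops the per-release column layout used by the table directly above it, which is fine for "none" but worth keeping in mind if entries return.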
@@ -33,17 +34,17 @@
the problem.
Please check whether you are affected by running "<prefix>/bin/openpkg
- rpm -q imapd". If you have the "imapd" package installed and its version
- is affected (see above), we recommend that you immediately upgrade it
- (see Solution) and its dependent packages (see above) as well [3][4].
+ rpm -q imapd". If you have the "imapd" package installed and its
+ version is affected (see above), we recommend that you immediately
+ upgrade it (see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
- [5], fetch it from the OpenPKG FTP service [6] or a mirror
- location, verify its integrity [7], build a corresponding binary RPM
- from it [8] and update your OpenPKG installation by applying the
- binary RPM [9]. For the most recent release OpenPKG 2.2, perform the
- following operations to permanently fix the security problem.
+ [5], fetch it from the OpenPKG FTP service [6] or a mirror location,
+ verify its integrity [7], build a corresponding binary RPM from it
+ [3] and update your OpenPKG installation by applying the binary RPM
+ [4]. For the most previous release OpenPKG 2.2, perform the following
+ operations to permanently fix the security problem.
$ ftp ftp.openpkg.org
ftp> bin
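Review bot: The citation numbers in the Solution paragraph are now out of sequence: it cites [5], [6], [7] and then [3] and [4] where the old text had [8] and [9], and [3][4] are also the markers after "upgrade it (see Solution)". The References section is not part of this hunk, so please confirm it was renumbered to match and that [3] and [4] really point at the build and install instructions. Also, "For the most previous release OpenPKG 2.2" reads as a wording slip against the old "most recent release"; "For the previous release OpenPKG 2.2" would say what seems to be intended.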
@@ -54,9 +55,6 @@
$ <prefix>/bin/openpkg rpm --rebuild imapd-2.2.8-2.2.2.src.rpm
$ su -
# <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/imapd-2.2.8-2.2.2.*.rpm
-
- Additionally, we recommend that you rebuild and reinstall
- all dependent packages (see above) as well [3][4].
________________________________________________________________________
References:
@@ -77,3 +75,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFCUqPxgHWT4GPEy58RAt+GAKDOatq1M0OtZNO4Jdq0prnrNrbDowCgzbfn
+74UcLwGpm7wfbOoSpT7Nu4M=
+=z4o5
+-----END PGP SIGNATURE-----
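Review bot: The added "Comment: OpenPKG <[EMAIL PROTECTED]>" line is an armor header in the signature block, and OpenPGP armor headers are not covered by the signature, so this line can be changed without the signature failing. It should not be presented as evidence of who signed; readers need to check the signing key itself, as the verification instructions referenced just above this block describe. Consider dropping the comment or keeping it purely informational.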
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]