Paketname
cyrus-imapd
Datum
2009-09-11
Advisory ID
MDVSA-2009:229
Betroffene Versionen
2009.0 x86_64 , CS4.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64 , MES5 x86_64

Problembeschreibung

A vulnerability has been found and corrected in cyrus-imapd:

Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
to execute arbitrary code and read or modify arbitrary messages via
a crafted SIEVE script, related to the incorrect use of the sizeof
operator for determining buffer length, combined with an integer
signedness error (CVE-2009-2632).

This update provides a solution to this vulnerability.

Aktualisierte Pakete

2009.0 x86_64

 95d7b331e1177ade9a191f86c0a0cf79  2009.0/x86_64/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 bd05df88b56999da5c13e8d8792da7b8  2009.0/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 4e64259aee697cdaf72cd00e658a8598  2009.0/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 72ebe80164830a43ab6bf845809e4d55  2009.0/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 7f4546e7272547df7e652c72b1b105b7  2009.0/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm
 da57e28942a66e52d3e8dfe60bde32a5  2009.0/x86_64/perl-Cyrus-2.3.12-0.p2.4.1mdv2009.0.x86_64.rpm 
 13b073cf3d8941c69f1cbadf23824789  2009.0/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.src.rpm

CS4.0 x86_64

 c23a435bfe2e1a8eecc3047f597d7f24  corporate/4.0/x86_64/cyrus-imapd-2.2.13-2.1.20060mlcs4.x86_64.rpm
 69f886a7188731cedf8096456b882bee  corporate/4.0/x86_64/cyrus-imapd-devel-2.2.13-2.1.20060mlcs4.x86_64.rpm
 5b7debfa1e3b4f10885c04867504b076  corporate/4.0/x86_64/cyrus-imapd-murder-2.2.13-2.1.20060mlcs4.x86_64.rpm
 b15a896304a31d56852727b968079b55  corporate/4.0/x86_64/cyrus-imapd-nntp-2.2.13-2.1.20060mlcs4.x86_64.rpm
 5ef8ed1ac2475ac4dcc9fbfec14962dc  corporate/4.0/x86_64/cyrus-imapd-utils-2.2.13-2.1.20060mlcs4.x86_64.rpm
 e270f621bc9da684e2f228d5f29a92e2  corporate/4.0/x86_64/perl-Cyrus-2.2.13-2.1.20060mlcs4.x86_64.rpm 
 c42c501087a96d32a7a04133de4d124b  corporate/4.0/SRPMS/cyrus-imapd-2.2.13-2.1.20060mlcs4.src.rpm

MES5 i586

 3a96ff490d8c1ead6e799ec584122b85  mes5/i586/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 0de835b2fcbd5c83ad719d9c4ae9a1b5  mes5/i586/cyrus-imapd-devel-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 098fcd5a79b3d01f5c9508de02c5e88f  mes5/i586/cyrus-imapd-murder-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 8b45205d98b9e2d46851fd297ff4ddd0  mes5/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 295f60bf9ffd1784c69354e6e7f84eec  mes5/i586/cyrus-imapd-utils-2.3.12-0.p2.4.1mdvmes5.i586.rpm
 8bd1ee3f655b3c9ac6d98fd1fb275233  mes5/i586/perl-Cyrus-2.3.12-0.p2.4.1mdvmes5.i586.rpm 
 18628bdcef4ce4455a2a8b7b99dfc708  mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.src.rpm

2009.1 i586

 58b94016098b3a5364221e39a123c39e  2009.1/i586/cyrus-imapd-2.3.14-1.1mdv2009.1.i586.rpm
 66cd4df4cfa7b18e1c79e0d211fb81aa  2009.1/i586/cyrus-imapd-devel-2.3.14-1.1mdv2009.1.i586.rpm
 0c2e94276c31f2081ad111ab3ceecd29  2009.1/i586/cyrus-imapd-murder-2.3.14-1.1mdv2009.1.i586.rpm
 c73fc447b15a7f4839c39a9771a8ac79  2009.1/i586/cyrus-imapd-nntp-2.3.14-1.1mdv2009.1.i586.rpm
 d507d2b74240e58285e43d77ae2fda6b  2009.1/i586/cyrus-imapd-utils-2.3.14-1.1mdv2009.1.i586.rpm
 517cce2bb7391239c8aecbd8930d1474  2009.1/i586/perl-Cyrus-2.3.14-1.1mdv2009.1.i586.rpm 
 26aaa8d38cc9558e96928c50580246be  2009.1/SRPMS/cyrus-imapd-2.3.14-1.1mdv2009.1.src.rpm

2009.0 i586

 861b1478ad055a9a6f07eb8967ff547a  2009.0/i586/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 861c1bfcad95c60c11522e8335295e7a  2009.0/i586/cyrus-imapd-devel-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 5b0ecc7269cb9b413ef88ea06dc5fe15  2009.0/i586/cyrus-imapd-murder-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 7849f9bbe45a3057c05104a9a1762474  2009.0/i586/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 09c14dd031920d5a8969b70f84fc49a3  2009.0/i586/cyrus-imapd-utils-2.3.12-0.p2.4.1mdv2009.0.i586.rpm
 16972adb346b781505b3f5d3f3c71946  2009.0/i586/perl-Cyrus-2.3.12-0.p2.4.1mdv2009.0.i586.rpm 
 13b073cf3d8941c69f1cbadf23824789  2009.0/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdv2009.0.src.rpm

2008.1 i586

 8cc343d32cbe0bb7498e48c545e43508  2008.1/i586/cyrus-imapd-2.3.11-6.1mdv2008.1.i586.rpm
 7977c0b95053bdcc23cf0272762aae6a  2008.1/i586/cyrus-imapd-devel-2.3.11-6.1mdv2008.1.i586.rpm
 67bbec2bd3009cc6cea47fa4cd48fdbc  2008.1/i586/cyrus-imapd-murder-2.3.11-6.1mdv2008.1.i586.rpm
 c764b6d6b5d1b6c81b0ad496ff546caf  2008.1/i586/cyrus-imapd-nntp-2.3.11-6.1mdv2008.1.i586.rpm
 f146d72d5e0094dae92c5f775445e9b9  2008.1/i586/cyrus-imapd-utils-2.3.11-6.1mdv2008.1.i586.rpm
 69eb50891cbf82c122320a0f619f4cdc  2008.1/i586/perl-Cyrus-2.3.11-6.1mdv2008.1.i586.rpm 
 1ff485cd9434cf4fd67194d6528028b4  2008.1/SRPMS/cyrus-imapd-2.3.11-6.1mdv2008.1.src.rpm

CS3.0 x86_64

 fe133fa1064adbf1d4607215d4e6bde7  corporate/3.0/x86_64/cyrus-imapd-2.1.16-5.5.C30mdk.x86_64.rpm
 0f1a9956110e84b18e0432b86db1fa5f  corporate/3.0/x86_64/cyrus-imapd-devel-2.1.16-5.5.C30mdk.x86_64.rpm
 15944d1019d0dc511d1224d79434643d  corporate/3.0/x86_64/cyrus-imapd-murder-2.1.16-5.5.C30mdk.x86_64.rpm
 04ca4f4cd2549f4d9e99ee7dbf1074e1  corporate/3.0/x86_64/cyrus-imapd-utils-2.1.16-5.5.C30mdk.x86_64.rpm
 0e0d65fa0c6ab3316481b935469e90f3  corporate/3.0/x86_64/perl-Cyrus-2.1.16-5.5.C30mdk.x86_64.rpm 
 6f3d1d3b7eeff09edd733ef6942180b7  corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.5.C30mdk.src.rpm

CS4.0 i586

 4a1f18fc2fc3c8e95b0ebd469b86cdf0  corporate/4.0/i586/cyrus-imapd-2.2.13-2.1.20060mlcs4.i586.rpm
 847bb7ffea3defd4d8806988797873da  corporate/4.0/i586/cyrus-imapd-devel-2.2.13-2.1.20060mlcs4.i586.rpm
 0e1e43933a7bd9fa099dfca49050a5cd  corporate/4.0/i586/cyrus-imapd-murder-2.2.13-2.1.20060mlcs4.i586.rpm
 d38696f97d1d3695e8407ac519f284a5  corporate/4.0/i586/cyrus-imapd-nntp-2.2.13-2.1.20060mlcs4.i586.rpm
 1e532cbedd10498ea758cbeb0efeb64b  corporate/4.0/i586/cyrus-imapd-utils-2.2.13-2.1.20060mlcs4.i586.rpm
 493514aa4f1854419ac68aa57aeab744  corporate/4.0/i586/perl-Cyrus-2.2.13-2.1.20060mlcs4.i586.rpm 
 c42c501087a96d32a7a04133de4d124b  corporate/4.0/SRPMS/cyrus-imapd-2.2.13-2.1.20060mlcs4.src.rpm

CS3.0 i586

 5392c40d6c4e1ff9fef3942a83849819  corporate/3.0/i586/cyrus-imapd-2.1.16-5.5.C30mdk.i586.rpm
 a12e7ab3f4028443fc5f996771ee7c2e  corporate/3.0/i586/cyrus-imapd-devel-2.1.16-5.5.C30mdk.i586.rpm
 b094e91d12bd4b61b2d973b31318ce11  corporate/3.0/i586/cyrus-imapd-murder-2.1.16-5.5.C30mdk.i586.rpm
 2cacfb15a7a0d5d8ce882ffe38bb2845  corporate/3.0/i586/cyrus-imapd-utils-2.1.16-5.5.C30mdk.i586.rpm
 63e2dd9ef59ad900d4ee4f9490979666  corporate/3.0/i586/perl-Cyrus-2.1.16-5.5.C30mdk.i586.rpm 
 6f3d1d3b7eeff09edd733ef6942180b7  corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.5.C30mdk.src.rpm

2008.1 x86_64

 010faa01f06afbda030527cd2aa0683c  2008.1/x86_64/cyrus-imapd-2.3.11-6.1mdv2008.1.x86_64.rpm
 10a37e876bef9e2448b839cb4fe1bcfd  2008.1/x86_64/cyrus-imapd-devel-2.3.11-6.1mdv2008.1.x86_64.rpm
 1627455d5048e7e54a08ebaaccd9aa0d  2008.1/x86_64/cyrus-imapd-murder-2.3.11-6.1mdv2008.1.x86_64.rpm
 f5afffe07c9e2d8f9d24e2494904e04e  2008.1/x86_64/cyrus-imapd-nntp-2.3.11-6.1mdv2008.1.x86_64.rpm
 bed786208ab8427d63f1a0f7fae3cfde  2008.1/x86_64/cyrus-imapd-utils-2.3.11-6.1mdv2008.1.x86_64.rpm
 330c2e33be0c0e5cdc305360d5c0a4f7  2008.1/x86_64/perl-Cyrus-2.3.11-6.1mdv2008.1.x86_64.rpm 
 1ff485cd9434cf4fd67194d6528028b4  2008.1/SRPMS/cyrus-imapd-2.3.11-6.1mdv2008.1.src.rpm

2009.1 x86_64

 5adbd549a75be7f0652a94a806990908  2009.1/x86_64/cyrus-imapd-2.3.14-1.1mdv2009.1.x86_64.rpm
 abb74664517821be7ed5e1325e525cea  2009.1/x86_64/cyrus-imapd-devel-2.3.14-1.1mdv2009.1.x86_64.rpm
 4bd17d2d9e17d491d72d04810aba8ea2  2009.1/x86_64/cyrus-imapd-murder-2.3.14-1.1mdv2009.1.x86_64.rpm
 936401cb2ac3c86fc442d3188c08c2d1  2009.1/x86_64/cyrus-imapd-nntp-2.3.14-1.1mdv2009.1.x86_64.rpm
 02d16f059dc993326a333292c8d8ad90  2009.1/x86_64/cyrus-imapd-utils-2.3.14-1.1mdv2009.1.x86_64.rpm
 46372b504a0cbe8ebf8698b851b00428  2009.1/x86_64/perl-Cyrus-2.3.14-1.1mdv2009.1.x86_64.rpm 
 26aaa8d38cc9558e96928c50580246be  2009.1/SRPMS/cyrus-imapd-2.3.14-1.1mdv2009.1.src.rpm

MES5 x86_64

 cef42fadc6708bc6957d0da5979d85c9  mes5/x86_64/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 12b66e5f5b24f93f47a18d12e973c1f9  mes5/x86_64/cyrus-imapd-devel-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 842c4d08f4526361cca8c97adb04883a  mes5/x86_64/cyrus-imapd-murder-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 ea008e3bd31062c8cf17444a03a37945  mes5/x86_64/cyrus-imapd-nntp-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 d002a9fc9e2090eaebfd100c8f1e89d5  mes5/x86_64/cyrus-imapd-utils-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm
 785d0137bb6836b257cd5293f33f7b72  mes5/x86_64/perl-Cyrus-2.3.12-0.p2.4.1mdvmes5.x86_64.rpm 
 18628bdcef4ce4455a2a8b7b99dfc708  mes5/SRPMS/cyrus-imapd-2.3.12-0.p2.4.1mdvmes5.src.rpm

Referenzen