MDVSA-2009:229-1
- Package name
- cyrus-imapd
- Date
- 2009-12-05
- Advisory ID
- MDVSA-2009:229-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability has been found and corrected in cyrus-imapd:
Buffer overflow in the SIEVE script component (sieve/script.c) in
cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
to execute arbitrary code and read or modify arbitrary messages via
a crafted SIEVE script, related to the incorrect use of the sizeof
operator for determining buffer length, combined with an integer
signedness error (CVE-2009-2632).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
3624587d9792be346e43e89fdefca08f 2008.0/i586/cyrus-imapd-2.3.8-4.1mdv2008.0.i586.rpm 964fdf726329871c4cce92f11da00692 2008.0/i586/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.i586.rpm 5fd6c344a226014105f01cec643fc24f 2008.0/i586/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.i586.rpm 07ed14c27d7cbf32ca9fe1a16a244907 2008.0/i586/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.i586.rpm 8a0b889b937ea0e4bb20eeee82979c17 2008.0/i586/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.i586.rpm 86f444535a86d7fb3f608e2c7612df75 2008.0/i586/perl-Cyrus-2.3.8-4.1mdv2008.0.i586.rpm 5b9213e9db4ccc29efe4c5c389436aaf 2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm
2008.0 x86_64
d6efe505d3695fc96ca96c6a1e43b01a 2008.0/x86_64/cyrus-imapd-2.3.8-4.1mdv2008.0.x86_64.rpm 08759474f31a25d5b48179cabccc873e 2008.0/x86_64/cyrus-imapd-devel-2.3.8-4.1mdv2008.0.x86_64.rpm 029231ca655d20e016146f1b5988f4c8 2008.0/x86_64/cyrus-imapd-murder-2.3.8-4.1mdv2008.0.x86_64.rpm 1573bb824fa3d2747b7bf5ed64034ba8 2008.0/x86_64/cyrus-imapd-nntp-2.3.8-4.1mdv2008.0.x86_64.rpm ff36f2669c5007afc4b232ac9ed59d83 2008.0/x86_64/cyrus-imapd-utils-2.3.8-4.1mdv2008.0.x86_64.rpm ff65dff0ef99b87e81b52a9e4946658f 2008.0/x86_64/perl-Cyrus-2.3.8-4.1mdv2008.0.x86_64.rpm 5b9213e9db4ccc29efe4c5c389436aaf 2008.0/SRPMS/cyrus-imapd-2.3.8-4.1mdv2008.0.src.rpm