Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2008:133

Package name: sympa
Date: 2008-07-04
Advisory ID: MDVSA-2008:133
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A denial of service condition was discovered in Sympa versions prior
to 5.4 that allowed remote attackers to crash the Sympa daemon via
a malformed email message (CVE-2008-1648).

The updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 6e2632d45d6f4474665457aef2d7574f  corporate/4.0/x86_64/sympa-5.1.0-2.1.20060mlcs4.x86_64.rpm 
 2abfb52172b7becbb926bd6cf8f63693  corporate/4.0/SRPMS/sympa-5.1.0-2.1.20060mlcs4.src.rpm

CS4.0 i586

 655a68493320ad7bb781763f2e772a8f  corporate/4.0/i586/sympa-5.1.0-2.1.20060mlcs4.i586.rpm 
 2abfb52172b7becbb926bd6cf8f63693  corporate/4.0/SRPMS/sympa-5.1.0-2.1.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1648