|
|
| Problem Description |
A denial of service condition was discovered in Sympa versions prior
to 5.4 that allowed remote attackers to crash the Sympa daemon via
a malformed email message (CVE-2008-1648).
The updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 4.0
655a68493320ad7bb781763f2e772a8f corporate/4.0/i586/sympa-5.1.0-2.1.20060mlcs4.i586.rpm 2abfb52172b7becbb926bd6cf8f63693 corporate/4.0/SRPMS/sympa-5.1.0-2.1.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
6e2632d45d6f4474665457aef2d7574f corporate/4.0/x86_64/sympa-5.1.0-2.1.20060mlcs4.x86_64.rpm 2abfb52172b7becbb926bd6cf8f63693 corporate/4.0/SRPMS/sympa-5.1.0-2.1.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1648
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.