From: tsl@trustix.com (Trustix Secure Linux Advisor)
To: tsl-announce@trustix.org
Subject: TSL-2002-0054 - imap
Date: Thu, 6 Jun 2002 16:03:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2002-0054
Package name: imap
Summary: Minor bugfix
Date: 2002-06-06
Affected versions: TSL 1.1, 1.2, 1.5
- --------------------------------------------------------------------------
Problem description:
A buffer overflow bug has been found in the uw-imap package:
A malicious user may be able to construct a malformed request which will
overflow an internal buffer, and run code on the server with uid/gid of the
e-mail owner.
TSL is not vulnerable to this bug, due to compile-time options, but we like
to upgrade the packages anyway.
Action:
We recommend that all systems with this package installed are upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>
Public testing:
These packages have been available for public testing for some time.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailing list.
The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>
Verification:
This advisory, along with all TSL packages, is signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.net/errata/trustix-1.2/> and
<URI:http://www.trustix.net/errata/trustix-1.5/>
or directly at
<URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0054-imap.asc.txt>
MD5sums of the packages:
- --------------------------------------------------------------------------
7e20886bbb7d36466f7e5332b897b907 ./1.5/SRPMS/imap-2001a-2tr.src.rpm
be674ea36e9b62a6d5db09f7c847b1ce ./1.5/RPMS/imap-devel-2001a-2tr.i586.rpm
6d7f38bdebd89c60c6e824a1b3a0d31c ./1.5/RPMS/imap-2001a-2tr.i586.rpm
7e20886bbb7d36466f7e5332b897b907 ./1.2/SRPMS/imap-2001a-2tr.src.rpm
762f5a82e55d987c5b62629c497eb521 ./1.2/RPMS/imap-devel-2001a-2tr.i586.rpm
04ab52772387959d05e5dcb25a678be3 ./1.2/RPMS/imap-2001a-2tr.i586.rpm
7e20886bbb7d36466f7e5332b897b907 ./1.1/SRPMS/imap-2001a-2tr.src.rpm
ecfa79b30289ac0edd692e17cca86ace ./1.1/RPMS/imap-devel-2001a-2tr.i586.rpm
fb8b81c85e4c9c84e3f424d600bc7e1b ./1.1/RPMS/imap-2001a-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8/zvuwRTcg4BxxS0RAgBIAJ9JyQoI3SbcI7h5/+iVITdduxmAAQCfWCaV
QN6DJJRd9y5SHhl3venEECI=
=ogkH
-----END PGP SIGNATURE-----