(RHSA-2009:0275) Moderate: imap security update

2009-02-19T05:00:00
ID RHSA-2009:0275
Type redhat
Reporter RedHat
Modified 2018-05-26T04:26:17

Description

The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially-crafted mail message to the victim. (CVE-2008-5005)

Users of imap should upgrade to these updated packages, which contain a backported patch to resolve this issue.