(RHSA-2009:1116) Important: cyrus-imapd security update

2009-06-1800:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.264 Low

EPSS

Percentile

96.3%

JSON

The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and SIEVE support.

It was discovered that the Cyrus SASL library (cyrus-sasl) does not always
reliably terminate output from the sasl_encode64() function used by
programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on
this function’s output being properly terminated. Under certain conditions,
improperly terminated output from sasl_encode64() could, potentially, cause
cyrus-imapd to crash, disclose portions of its memory, or lead to SASL
authentication failures. (CVE-2009-0688)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which resolve this issue. After installing the update, cyrus-imapd will be
restarted automatically.

OSVersionArchitecturePackageVersionFilename
RedHat5x86_64cyrus-imapd< 2.3.7-2.el5_3.2cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
RedHat5s390cyrus-imapd-devel< 2.3.7-2.el5_3.2cyrus-imapd-devel-2.3.7-2.el5_3.2.s390.rpm
RedHat4ia64perl-cyrus< 2.2.12-10.el4_8.1perl-Cyrus-2.2.12-10.el4_8.1.ia64.rpm
RedHat5ia64cyrus-imapd-perl< 2.3.7-2.el5_3.2cyrus-imapd-perl-2.3.7-2.el5_3.2.ia64.rpm
RedHat5ia64cyrus-imapd-devel< 2.3.7-2.el5_3.2cyrus-imapd-devel-2.3.7-2.el5_3.2.ia64.rpm
RedHat4ppcperl-cyrus< 2.2.12-10.el4_8.1perl-Cyrus-2.2.12-10.el4_8.1.ppc.rpm
RedHat5ia64cyrus-imapd-utils< 2.3.7-2.el5_3.2cyrus-imapd-utils-2.3.7-2.el5_3.2.ia64.rpm
RedHat4x86_64cyrus-imapd-nntp< 2.2.12-10.el4_8.1cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
RedHat4srccyrus-imapd< 2.2.12-10.el4_8.1cyrus-imapd-2.2.12-10.el4_8.1.src.rpm
RedHat4ppccyrus-imapd-devel< 2.2.12-10.el4_8.1cyrus-imapd-devel-2.2.12-10.el4_8.1.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	x86_64	cyrus-imapd	< 2.3.7-2.el5_3.2	cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm
RedHat	5	s390	cyrus-imapd-devel	< 2.3.7-2.el5_3.2	cyrus-imapd-devel-2.3.7-2.el5_3.2.s390.rpm
RedHat	4	ia64	perl-cyrus	< 2.2.12-10.el4_8.1	perl-Cyrus-2.2.12-10.el4_8.1.ia64.rpm
RedHat	5	ia64	cyrus-imapd-perl	< 2.3.7-2.el5_3.2	cyrus-imapd-perl-2.3.7-2.el5_3.2.ia64.rpm
RedHat	5	ia64	cyrus-imapd-devel	< 2.3.7-2.el5_3.2	cyrus-imapd-devel-2.3.7-2.el5_3.2.ia64.rpm
RedHat	4	ppc	perl-cyrus	< 2.2.12-10.el4_8.1	perl-Cyrus-2.2.12-10.el4_8.1.ppc.rpm
RedHat	5	ia64	cyrus-imapd-utils	< 2.3.7-2.el5_3.2	cyrus-imapd-utils-2.3.7-2.el5_3.2.ia64.rpm
RedHat	4	x86_64	cyrus-imapd-nntp	< 2.2.12-10.el4_8.1	cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm
RedHat	4	src	cyrus-imapd	< 2.2.12-10.el4_8.1	cyrus-imapd-2.2.12-10.el4_8.1.src.rpm
RedHat	4	ppc	cyrus-imapd-devel	< 2.2.12-10.el4_8.1	cyrus-imapd-devel-2.2.12-10.el4_8.1.ppc.rpm