The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol. This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user.
None, please install the updated packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | i586 | imap-2002e | < 92.4 | imap-2002e-92.4.i586.rpm |
openSUSE | 9.0 | x86_64 | imap | < 2002d-59 | imap-2002d-59.x86_64.rpm |
openSUSE | 9.2 | x86_64 | imap-2004a | < 3.2 | imap-2004a-3.2.x86_64.rpm |
openSUSE | 8.2 | i586 | imap | < 2002-56 | imap-2002-56.i586.rpm |
openSUSE | 9.1 | x86_64 | imap-2002e | < 92.4 | imap-2002e-92.4.x86_64.rpm |
openSUSE | 9.0 | i586 | imap | < 2002d-59 | imap-2002d-59.i586.rpm |
openSUSE | 9.2 | i586 | imap-2004a | < 3.2 | imap-2004a-3.2.i586.rpm |