The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and SIEVE support.
It was discovered that the Cyrus SASL library (cyrus-sasl) does not always
reliably terminate output from the sasl_encode64() function used by
programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on
this function’s output being properly terminated. Under certain conditions,
improperly terminated output from sasl_encode64() could, potentially, cause
cyrus-imapd to crash, disclose portions of its memory, or lead to SASL
authentication failures. (CVE-2009-0688)
Users of cyrus-imapd are advised to upgrade to these updated packages,
which resolve this issue. After installing the update, cyrus-imapd will be
restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | cyrus-imapd | < 2.3.7-2.el5_3.2 | cyrus-imapd-2.3.7-2.el5_3.2.x86_64.rpm |
RedHat | 5 | s390 | cyrus-imapd-devel | < 2.3.7-2.el5_3.2 | cyrus-imapd-devel-2.3.7-2.el5_3.2.s390.rpm |
RedHat | 4 | ia64 | perl-cyrus | < 2.2.12-10.el4_8.1 | perl-Cyrus-2.2.12-10.el4_8.1.ia64.rpm |
RedHat | 5 | ia64 | cyrus-imapd-perl | < 2.3.7-2.el5_3.2 | cyrus-imapd-perl-2.3.7-2.el5_3.2.ia64.rpm |
RedHat | 5 | ia64 | cyrus-imapd-devel | < 2.3.7-2.el5_3.2 | cyrus-imapd-devel-2.3.7-2.el5_3.2.ia64.rpm |
RedHat | 4 | ppc | perl-cyrus | < 2.2.12-10.el4_8.1 | perl-Cyrus-2.2.12-10.el4_8.1.ppc.rpm |
RedHat | 5 | ia64 | cyrus-imapd-utils | < 2.3.7-2.el5_3.2 | cyrus-imapd-utils-2.3.7-2.el5_3.2.ia64.rpm |
RedHat | 4 | x86_64 | cyrus-imapd-nntp | < 2.2.12-10.el4_8.1 | cyrus-imapd-nntp-2.2.12-10.el4_8.1.x86_64.rpm |
RedHat | 4 | src | cyrus-imapd | < 2.2.12-10.el4_8.1 | cyrus-imapd-2.2.12-10.el4_8.1.src.rpm |
RedHat | 4 | ppc | cyrus-imapd-devel | < 2.2.12-10.el4_8.1 | cyrus-imapd-devel-2.2.12-10.el4_8.1.ppc.rpm |