RHSA-2011:1317: Important: cyrus-imapd security update
First published: Mon Sep 19 2011(Updated: )
The cyrus-imapd packages contain a high-performance mail server with IMAP,<br>POP3, NNTP, and Sieve support.<br>A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A<br>remote user able to use the nntpd service could use this flaw to crash the<br>nntpd child process or, possibly, execute arbitrary code with the<br>privileges of the cyrus user. (CVE-2011-3208)<br>Red Hat would like to thank Greg Banks for reporting this issue.<br>Users of cyrus-imapd are advised to upgrade to these updated packages,<br>which contain a backported patch to correct this issue. After installing<br>the update, cyrus-imapd will be restarted automatically.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cyrus-imapd | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd-debuginfo | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd-debuginfo | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd-devel | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd-devel | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd-utils | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd-utils | <2.3.16-6.el6_1.3 | 2.3.16-6.el6_1.3 |
| redhat/cyrus-imapd | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd-devel | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd-devel | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd-perl | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd-utils | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd-perl | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd-utils | <2.3.7-12.el5_7.1 | 2.3.7-12.el5_7.1 |
| redhat/cyrus-imapd | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-devel | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-murder | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-nntp | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-utils | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-devel | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-murder | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-nntp | <2.2.12-16.el4 | 2.2.12-16.el4 |
| redhat/cyrus-imapd-utils | <2.2.12-16.el4 | 2.2.12-16.el4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/redhat-errata
- anchor-id/RHSA-2011:1317
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- package-manager/redhat