Fedora Legacy Test Update Notification: imap

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Mar 8 03:20:20 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2443
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2443
2005-03-07
---------------------------------------------------------------------

Name        : imap
Versions    : rh7.3: imap-2001a-10.1.legacy
Versions    : rh9: imap-2001a-18.1.legacy
Versions    : fc1: imap-2002d-3.1.legacy
Summary     : Server daemons for IMAP and POP network mail protocols.
Description :
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols. The POP protocol uses a "post office" machine to collect
mail for users and allows users to download their mail to their local
machine for reading. The IMAP protocol allows a user to read mail on a
remote machine without downloading it to their local machine.

---------------------------------------------------------------------
Update Information:

Updated imap packages that fix security issues are now available.

The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols.

A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297
to this issue.

A logic error in the CRAM-MD5 code in the University of Washington IMAP
(UW-IMAP) server was discovered. When Challenge-Response Authentication
Mechanism with MD5 (CRAM-MD5) is enabled, UW-IMAP does not properly enforce
all the required conditions for successful authentication, which could
allow remote attackers to authenticate as arbitrary users. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0198 to this issue.

Users of imap are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
2001a-10.1.legacy
- Added security patch for CAN-2003-0297

rh9:
* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
2001a-18.1.legacy
- Added security patch for CAN-2003-0297

fc1:
* Thu Mar 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 
1:2002d-3.1.legacy
- Added patch for CAN-2005-0198

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
3dac230d4b4ed898d1adaf3e58ce5b13e80159dc 
redhat/7.3/updates-testing/i386/imap-2001a-10.1.legacy.i386.rpm
766f42e2292693d1b0500dc151823d13382595c5 
redhat/7.3/updates-testing/i386/imap-devel-2001a-10.1.legacy.i386.rpm
787996b44c48692932c345e72d32b4460576570e 
redhat/7.3/updates-testing/SRPMS/imap-2001a-10.1.legacy.src.rpm

rh9:
f4998e31f0121b54e6b618007a6c1a7ff8a08182 
redhat/9/updates-testing/i386/imap-2001a-18.1.legacy.i386.rpm
d99cd4c0c0c83328a309c0263682dfbaa4e752ed 
redhat/9/updates-testing/i386/imap-devel-2001a-18.1.legacy.i386.rpm
6f8cac716e78dfcfe307dc5b4db6c604e2f47049 
redhat/9/updates-testing/SRPMS/imap-2001a-18.1.legacy.src.rpm

fc1:
69ef237bbd50fc425e00be7093d3de1ddd919de1 
fedora/1/updates-testing/i386/imap-2002d-3.1.legacy.i386.rpm
028d73692c13e4182788605987d246629e24df07 
fedora/1/updates-testing/i386/imap-devel-2002d-3.1.legacy.i386.rpm
732db7ca229fc939456a2db14ae65c46f2fd7586 
fedora/1/updates-testing/SRPMS/imap-2002d-3.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050307/d9744c34/attachment.sig>

More information about the fedora-legacy-list mailing list