Bug 139382
Summary: | CAN-2004-1011 Multiple issues in cyrus-imapd (CAN-2004-1012 CAN-2004-1013 CAN-2004-1015) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> | ||||||||
Component: | cyrus-imapd | Assignee: | John Dennis <jdennis> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 3 | CC: | redhat, security-response-team, troels | ||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2004-12-07 10:43:22 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Josh Bressers
2004-11-15 17:54:12 UTC
This issue is currently under embargo. The exact release date is not yet known, but it is expected to be soon as the cyrus-imapd upstream wishes to release sometime this week. Developer please follow guidelines for creating an embargoed Fedora branch before commmitting any fix. Created attachment 106730 [details]
Proposed patch for this issue.
Created attachment 106927 [details]
Patch from upstream.
According to upstream:
2.2.9 will be in testing by the end of the week and if no problems are
found will be released Monday.
Created attachment 107302 [details]
Latest patch for this issue plus a bit more.
It has been discovered that a very similar buffer overflow exists in Proxyd.c
This patch contains the full complete fix for this issue.
Upstream plans to release version 2.2.10 later today to address these new issues. *** Bug 140617 has been marked as a duplicate of this bug. *** Removing embargo. Marked demo as private. FYI: cyrus-imapd-2.2.10-1.RHEL4.1 has been built into RHEL4. However, please note I have not yet installed and tested this version therefore it would premature to update anything yet. FWIW this rpm should install on either FC3 or RHEL4. What is the current status of the updates? FC2 needs an update, too. RE comment #15, 2.2.10 has been built for both FC2 and FC3, both are currently working their way through the release process. I expect you'll see the updates in a few hours. Was released 20041201 as FEDORA-2004-489, FEDORA-2004-487 |