Please fix this as soon as possible since this is a root security
hole. Please also check whether woody is vulnerable, I did not do
this.
My changelog:
------------------- snip -----------------
cyrus21-imapd (2.1.16-10ubuntu1) hoary; urgency=low
.
* SECURITY UPDATE: fix several potential buffer overflows
* imap/imapd.c:
- cmd_fetch(), cmd_partial(): fixed insufficient checking of the command
string: the command "body[p"/"BODY[P" was recognized as "body.peek"/"BODY.PEEK" which caused an incrementation of the command
buffer pointer beyond the allocated memory
- fixed two incarnations of "flag[nflags++] = xstrdup(...)"; the value of
nflags within functions called by xstrdup() is undefined and different
gcc versions handle this differently
* Note: this version is not vulnerable to CAN-2004-1011
* References:
CAN-2004-1012, CAN-2004-1013 http://security.e-matters.de/advisories/152004.html
------------------- snip -----------------
Package: cyrus21-imapd
Version: 2.1.16-10
Severity: critical
Tags: security patch
Justification: root security hole
Hi!
At least sarge's and sid's versions are vulnerable to above CANs and
some additional issue described in
http:// security. e-matters. de/advisories/ 152004. html
I fixed Ubuntu using the interdiff at
http:// patches. ubuntu. com/patches/ cyrus21- imapd.CAN- 2004-1012+ 13.diff
Please fix this as soon as possible since this is a root security
hole. Please also check whether woody is vulnerable, I did not do
this.
My changelog:
------------------- snip -----------------
"body.peek" /"BODY. PEEK" which caused an incrementation of the command security. e-matters. de/advisories/ 152004. html
cyrus21-imapd (2.1.16-10ubuntu1) hoary; urgency=low
.
* SECURITY UPDATE: fix several potential buffer overflows
* imap/imapd.c:
- cmd_fetch(), cmd_partial(): fixed insufficient checking of the command
string: the command "body[p"/"BODY[P" was recognized as
buffer pointer beyond the allocated memory
- fixed two incarnations of "flag[nflags++] = xstrdup(...)"; the value of
nflags within functions called by xstrdup() is undefined and different
gcc versions handle this differently
* Note: this version is not vulnerable to CAN-2004-1011
* References:
CAN-2004-1012, CAN-2004-1013
http://
------------------- snip -----------------
Thanks,
Martin
-- System Information: de_DE.UTF- 8
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=de_DE.UTF-8, LC_CTYPE=
-- www.piware. de www.ubuntulinux .org www.debian. org
Martin Pitt http://
Ubuntu Developer http://
Debian GNU/Linux Developer http://