GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sat Oct 22, 2011 6:26 am Post subject: [ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabiliti |
 |
|
Gentoo Linux Security Advisory
Title: Cyrus IMAP Server: Multiple vulnerabilities (GLSA 201110-16)
Severity: high
Exploitable: local, remote
Date: October 22, 2011
Bug(s): #283596, #382349, #385729
ID: 201110-16
Synopsis
The Cyrus IMAP Server is affected by multiple vulnerabilities which
could potentially lead to the remote execution of arbitrary code or a
Denial of Service.
Background
The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
server.
Affected Packages
Package: net-mail/cyrus-imapd
Vulnerable: < 2.4.12
Unaffected: >= 2.4.12
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in the Cyrus IMAP Server.
Please review the CVE identifiers referenced below for details.
Impact
An unauthenticated local or remote attacker may be able to execute
arbitrary code with the privileges of the Cyrus IMAP Server process or
cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Cyrus IMAP Server users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.4.12"
|
References
CVE-2009-2632
CVE-2011-3208
CVE-2011-3481 |
|
News & Announcements
