Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2009-1459

Опубликовано: 23 сент. 2009
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2009-1459: cyrus-imapd security update (IMPORTANT)

[2.3.7-7.0.1.el5_4.3]

  • Enabled lm_sensors-devel build dependency for x86 and x86_64 only

[2.3.7-7.3]

  • fix more buffer overflows in cyrus sieve (CVE-2009-3235)

[2.3.7-7.2]

  • bump release for rebuild

[2.3.7-7.1]

  • fix buffer overflow in cyrus sieve (#521011)

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

cyrus-imapd

2.3.7-7.0.1.el5_4.3

cyrus-imapd-devel

2.3.7-7.0.1.el5_4.3

cyrus-imapd-perl

2.3.7-7.0.1.el5_4.3

cyrus-imapd-utils

2.3.7-7.0.1.el5_4.3

Oracle Linux x86_64

cyrus-imapd

2.3.7-7.0.1.el5_4.3

cyrus-imapd-devel

2.3.7-7.0.1.el5_4.3

cyrus-imapd-perl

2.3.7-7.0.1.el5_4.3

cyrus-imapd-utils

2.3.7-7.0.1.el5_4.3

Oracle Linux i386

cyrus-imapd

2.3.7-7.0.1.el5_4.3

cyrus-imapd-devel

2.3.7-7.0.1.el5_4.3

cyrus-imapd-perl

2.3.7-7.0.1.el5_4.3

cyrus-imapd-utils

2.3.7-7.0.1.el5_4.3

Связанные CVE

CVE-2009-2632
CVE-2009-3235

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2009-3235

ubuntu
почти 16 лет назад

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

redhat логотип

CVE-2009-3235

redhat
почти 16 лет назад

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

nvd логотип

CVE-2009-3235

nvd
почти 16 лет назад

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

debian логотип

CVE-2009-3235

debian
почти 16 лет назад

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1 ...

ubuntu логотип

CVE-2009-2632

ubuntu
почти 16 лет назад

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.