Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] imapd (SSA:2005-310-06)
Date: Sun, 6 Nov 2005 13:04:13 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  imapd (SSA:2005-310-06)

New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix (an alleged) security issue.  See the details
below for more information.  Also, new Pine packages are provided since
these are built together...  why not?  Might as well upgrade that too,
while I'm fixing the fake security problem.  :-)


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/


MD5 signatures:
+-------------+

Slackware 8.1 packages:
78d3d037b97f17c111072c5d4c38e9f2  imapd-4.64-i386-1.tgz
1c85ca280ccc67126bc6dc1dca975627  pine-4.64-i386-1.tgz

Slackware 9.0 packages:
b7441e48990c943a407e624297462bcf  imapd-4.64-i386-1.tgz
511f23cdfad804091c2cd19535049921  pine-4.64-i386-1.tgz

Slackware 9.1 packages:
7a2ad708d914c8b5a87bdeefa008c85b  imapd-4.64-i486-1.tgz
2b9d497ab55f4d3ffaf5f9e14a4d8b7b  pine-4.64-i486-1.tgz

Slackware 10.0 packages:
87c82d442781a04cf0f9fd5e49e22732  imapd-4.64-i486-1.tgz
d311d9f79910d828511e5509de6215f2  pine-4.64-i486-1.tgz

Slackware 10.1 packages:
445d1414e92aaf236d277f09cff074ea  imapd-4.64-i486-1.tgz
ed694c28eae7fb967a510b8c71137ceb  pine-4.64-i486-1.tgz

Slackware 10.2 packages:
1e74b74199a891851347f05f77585c35  imapd-4.64-i486-1.tgz
874997ce55e5700854fcdd4b5c8cbe8d  pine-4.64-i486-1.tgz

Slackware -current packages:
874997ce55e5700854fcdd4b5c8cbe8d  pine-4.64-i486-1.tgz
1e74b74199a891851347f05f77585c35  imapd-4.64-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg pine-4.64-i486-1.tgz imapd-4.64-i486-1.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFDbm40akRjwEAQIjMRAkTpAJ9JeGmupcQm2EERlmcYg1n8VGDGRwCcDWWU
xMQbSLRFo4tBROPwJxdb6FQ=
=lOeD
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.