Product SiteDocumentation Site

1.32.  cyrus-imapd

1.32.1.  RHSA-2009:1116: Important security update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1116
Updated cyrus-imapd packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.
It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function's output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. (CVE-2009-0688)
Users of cyrus-imapd are advised to upgrade to these updated packages, which resolve this issue. After installing the update, cyrus-imapd will be restarted automatically.

1.32.2.  RHBA-2009:1120: bug fix update


This update has already been released (prior to the GA of this release) as FASTRACK errata RHBA-2009:1120
Updated cyrus-imapd packages that fix several bugs are now available.
The cyrus-imapd package contains a high-performance mail server with IMAP, POP3, NNTP and SIEVE support.
These updated cyrus-imapd packages provide fixes for the following bugs:
  • attempting to connect to the update server failed and resulted in the following error messages being logged to /var/log/maillog:
    connect( failed: Invalid argument
    couldn't connect to MUPDATE server
    [IP address]: no connection to server
    FATAL: error connecting with MUPDATE server
    These updated packages correct this problem so that connecting to the update server now works as expected. (BZ#326511)
  • on systems with 64-bit architectures, cyrus-imapd experienced a segmentation fault when replication was enabled. (BZ#484377)
In addition, these updated cyrus-imapd packages provide the following enhancement:
  • more detailed information has been added to the ctl_cyrusdb(8) man page, which explains how to perform operations common to Cyrus databases. (BZ#463230)
Users are advised to upgrade to these updated cyrus-imapd packages, which resolve these issues and add this enhancement.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.