Joined: 12 May 2004
|Posted: Sat Oct 22, 2011 6:26 am Post subject: [ GLSA 201110-16 ] Cyrus IMAP Server: Multiple vulnerabiliti
|Gentoo Linux Security Advisory
Title: Cyrus IMAP Server: Multiple vulnerabilities (GLSA 201110-16)
Exploitable: local, remote
Date: October 22, 2011
Bug(s): #283596, #382349, #385729
The Cyrus IMAP Server is affected by multiple vulnerabilities which
could potentially lead to the remote execution of arbitrary code or a
Denial of Service.
The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
Vulnerable: < 2.4.12
Unaffected: >= 2.4.12
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in the Cyrus IMAP Server.
Please review the CVE identifiers referenced below for details.
An unauthenticated local or remote attacker may be able to execute
arbitrary code with the privileges of the Cyrus IMAP Server process or
cause a Denial of Service.
There is no known workaround at this time.
All Cyrus IMAP Server users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.4.12"