[pkg-kolab] Bug#648147: Possible Cause
Soren Stoutner
soren at smallbusinesstech.net
Fri Jan 6 22:04:48 UTC 2012
It is possible that this bug is the same as the one referenced below. It does
seem to crash in the middle of an IMAP connection.
Package : cyrus-imapd-2.2
Vulnerability : NULL pointer dereference
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2011-3481
It was discovered that cyrus-imapd, a highly scalable mail system designed
for use in enterprise environments, is not properly parsing mail headers
when a client makes use of the IMAP threading feature. As a result, a NULL
pointer is dereferenced which crashes the daemon. An attacker can trigger
this by sending a mail containing crafted reference headers and access the
mail with a client that uses the server threading feature of IMAP.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.2.13-14+lenny6.
For the stable distribution (squeeze), this problem has been fixed in
version 2.2.13-19+squeeze3.
For the testing (wheezy) and unstable (sid) distributions, this problem has
been
fixed in cyrus-imapd-2.4 version 2.4.11-1.
We recommend that you upgrade your cyrus-imapd-2.2 packages.
--
Soren Stoutner
Small Business Tech Solutions
623-262-6169
soren at smallbusinesstech.net
www.smallbusinesstech.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-kolab-devel/attachments/20120106/0984af42/attachment.pgp>
More information about the pkg-kolab-devel
mailing list