Advisories | Mandriva

Navigation

Package name	php-imap
Date	October 26th, 2005
Advisory ID	MDKSA-2005:194
Affected versions	10.1, CS2.1, CS3.0, 10.2, 2006.0

Problem Description

"infamous41md" discovered a buffer overflow in uw-imap, the
University of Washington's IMAP Server that allows attackers to
execute arbitrary code.

php-imap is compiled against the static c-client libs from imap.
These packages have been recompiled against the updated imap
development packages.

Updated Packages

Mandrakelinux 10.1

 959a1497572aa4f2871b6d2650795883  10.1/RPMS/php-imap-4.3.8-1.1.101mdk.i586.rpm
 b41e8d05335694fa522c403c96ca3987  10.1/SRPMS/php-imap-4.3.8-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 ebe83f9574925da13ddd1f4b75688fa8  x86_64/10.1/RPMS/php-imap-4.3.8-1.1.101mdk.x86_64.rpm
 b41e8d05335694fa522c403c96ca3987  x86_64/10.1/SRPMS/php-imap-4.3.8-1.1.101mdk.src.rpm

Corporate Server 2.1

 9be9a883ded639585446c6d5de663421  corporate/2.1/RPMS/php-imap-4.2.3-1.1.C21mdk.i586.rpm
 4ac16712b0354cd3a3a900a531d18f75  corporate/2.1/SRPMS/php-imap-4.2.3-1.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 03a4ef56e03fc2ca25a3234af2f3da17  x86_64/corporate/2.1/RPMS/php-imap-4.2.3-1.1.C21mdk.x86_64.rpm
 4ac16712b0354cd3a3a900a531d18f75  x86_64/corporate/2.1/SRPMS/php-imap-4.2.3-1.1.C21mdk.src.rpm

Corporate Server 3.0

 fdd36f4022e376a0df36260ae27d76f1  corporate/3.0/RPMS/php-imap-4.3.4-1.1.C30mdk.i586.rpm
 8321651ffc58801ca272b98e64a385d0  corporate/3.0/SRPMS/php-imap-4.3.4-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 44c3cdadf20366f41536cbdc2c1e1748  x86_64/corporate/3.0/RPMS/php-imap-4.3.4-1.1.C30mdk.x86_64.rpm
 8321651ffc58801ca272b98e64a385d0  x86_64/corporate/3.0/SRPMS/php-imap-4.3.4-1.1.C30mdk.src.rpm

Mandriva Linux LE2005

 7ea50a18385970beb115e262c35bc2fa  10.2/RPMS/php-imap-4.3.10-6.1.102mdk.i586.rpm
 78fa0456168d2156594aac90a196cd2b  10.2/SRPMS/php-imap-4.3.10-6.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 fe794754ac58a7f91bffb071175d2176  x86_64/10.2/RPMS/php-imap-4.3.10-6.1.102mdk.x86_64.rpm
 78fa0456168d2156594aac90a196cd2b  x86_64/10.2/SRPMS/php-imap-4.3.10-6.1.102mdk.src.rpm

Mandriva Linux 2006

 7ebb8d2b7e9c2c876f4fde7c830aaa45  2006.0/RPMS/php-imap-5.0.4-2.1.20060mdk.i586.rpm
 422822aaad1b121dc6cffbea414b33e3  2006.0/SRPMS/php-imap-5.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 9217687789293eaaca8a66b44c00f196  x86_64/2006.0/RPMS/php-imap-5.0.4-2.1.20060mdk.x86_64.rpm
 422822aaad1b121dc6cffbea414b33e3  x86_64/2006.0/SRPMS/php-imap-5.0.4-2.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.