Cyrus IMAPD, Sun Java vulnerabilities
Rob Myers
rob.myers at gtri.gatech.edu
Fri Dec 3 15:54:13 UTC 2004
neither RedHat 7.3, 9 Fedora Core 1 included Sun Java. an updated Sun
Java is available from Sun and jpackage.org.
IIRC, cyrus-imapd was added from Fedora Extras to Fedora Core 2.
earlier releases did not include it.
rob.
On Fri, 2004-12-03 at 10:24, Jeff Sheltren wrote:
> I'm not sure on Cyrus, but I don't think RedHat/Fedora has included Sun Java
> in any release.
>
> -Jeff
>
>
> On 12/3/04 7:11 AM, "John Dalbec" <jpdalbec at ysu.edu> wrote:
>
> > Do these issues apply to -legacy?
> >
> > 04.47.8 CVE: CAN-2004-1011, CAN-2004-1012, CAN-2004-1013,
> > CAN-2004-1015
> > Platform: Unix
> > Title: Cyrus IMAPD Multiple Remote Vulnerabilities
> > Description: Cyrus IMAPD is an IMAP daemon. It is reported to be
> > vulnerable to multiple remote buffer overflow issues. Cyrus IMAPD
> > versions 2.2.4 to 2.2.8 are reported to be vulnerable.
> > Ref: http://security.e-matters.de/advisories/152004.html
> >
> > 04.47.13 CVE: CAN-2004-1029
> > Platform: Cross Platform
> > Title: Sun Java Plug-in Security Restriction Bypass
> > Description: Java Plug-in technology, part of the Java 2 Runtime
> > Environment (JRE), establishes a connection between popular browsers
> > and the Java platform. It is possible to bypass the Java sandbox and
> > all security restrictions imposed within Java Applets to execute
> > malicious applets and gain full control. Sun Java 2 Platform, Standard
> > Edition (J2SE) versions 1.4.2_01 and 1.4.2_04 are known to be
> > vulnerable.
> > Ref:
> > http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
> >
> > --
> > fedora-legacy-list mailing list
> > fedora-legacy-list at redhat.com
> > http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
More information about the fedora-legacy-list
mailing list