Fedora Legacy Test Update Notification: libc-client

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Mar 16 01:33:49 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-184098
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184098
2006-03-15
---------------------------------------------------------------------

Name        : libc-client
Versions    : fc2: libc-client-2002e-5.1.legacy
Summary     : C-client mail access routines for IMAP and POP protocols
Description :
C-client is a common API for accessing mailboxes. It is used internally
by the popular PINE mail reader, the University of Washington's IMAP
server and PHP.

---------------------------------------------------------------------
Update Information:

Updated libc-client packages that fix a buffer overflow issue are now
available.

C-client is a common API for accessing mailboxes.

A buffer overflow flaw was discovered in the way C-client parses user
supplied mailboxes. If an authenticated user requests a specially
crafted mailbox name, it may be possible to execute arbitrary code on a
server that uses C-client to access mailboxes. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-2933 to this issue.

All users of libc-client should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

---------------------------------------------------------------------
Changelogs

fc2:
* Tue Mar 07 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2002e-5.1.legacy
- apply fix for CVE-2005-2933: buffer overflow

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc2:
5232f6a722f64fac4c5e09ca3d34a8e5d33192ed
fedora/2/updates-testing/i386/libc-client-2002e-5.1.legacy.i386.rpm
5e03f3725e30f607708e8da1e9c1537d6e929a29
fedora/2/updates-testing/i386/libc-client-devel-2002e-5.1.legacy.i386.rpm
489cbea579ce3fece1527c68df20f24e8c9bfe75
fedora/2/updates-testing/SRPMS/libc-client-2002e-5.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060315/67e4a309/attachment.sig>

More information about the fedora-legacy-list mailing list