Several buffer overflow vulnerabilities have been found in the UW-IMAP
package by the authors and independant groups. These vulnerabilities
can be exploited only once a user has authenticated which limits the
extent of the vulnerability to a remote shell with that user's
permissions. On systems where the user already has a shell, nothing
new will be provided to that user, unless the user has only local shell
access. On systems where the email accounts do not provide shell
access, however, the problem is much greater.
6bf29864715e9a7fcfca87fcbba9774f 7.1/RPMS/imap-2000c-4.6mdk.i586.rpm a0868dc57cf7ce8a39baeba197d44132 7.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm e574413ee56c8a30bcc907e4a3042eac 7.1/SRPMS/imap-2000c-4.6mdk.src.rpm
84255f2e48d8941a9ebfc9b96aa29485 7.2/RPMS/imap-2000c-4.5mdk.i586.rpm 641bb3f1c7a89d21826074a24f1f480f 7.2/RPMS/imap-devel-2000c-4.5mdk.i586.rpm 0e123cce424178305fb86e739c198734 7.2/SRPMS/imap-2000c-4.5mdk.src.rpm
6a452cc1dc11d0b4e463bad8ad72c76f 8.0/RPMS/imap-2000c-4.4mdk.i586.rpm b5e240934dce233b30b3b9b3dd378548 8.0/RPMS/imap-devel-2000c-4.4mdk.i586.rpm 7e3c70c61268f0cc2ee129d17e363897 8.0/SRPMS/imap-2000c-4.4mdk.src.rpm
Corporate Server 1.0.1
6bf29864715e9a7fcfca87fcbba9774f 1.0.1/RPMS/imap-2000c-4.6mdk.i586.rpm a0868dc57cf7ce8a39baeba197d44132 1.0.1/RPMS/imap-devel-2000c-4.6mdk.i586.rpm e574413ee56c8a30bcc907e4a3042eac 1.0.1/SRPMS/imap-2000c-4.6mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.