Bugtraq mailing list archives

SECURITY: Important fixes for IMAP


From: ewt () REDHAT COM (Erik Troan)
Date: Mon, 3 Mar 1997 16:13:31 -0500


The IMAP servers included with all versions of Red Hat Linux have a buffer
overrun which allows *remote* users to gain root access on systems which run
them. A fix for Red Hat 4.1 is now available (details on it at the end of this
note).

Users of Red Hat 4.0 should apply the Red Hat 4.1 fix. Users of previous
releases of Red Hat Linux are strongly encouraged to upgrade or simply
not run imap. You can remove imap from any machine running with Red
Hat Linux 2.0 or later by running the command "rpm -e imap", rendering them
immune to this problem.

All of the new packages are PGP signed with Red Hat's PGP key (as is
this message), and may be obtained from ftp.redhat.com:/updates/4.1. If
you have direct Internet access, you may upgrade these packages on your
system with the following commands:

Intel:
rpm -Uvh ftp://ftp.redhat.com/updates/4.1/i386/imap-4.1.BETA-3.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.1/alpha/imap-4.1.BETA-3.alpha.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.1/sparc/imap-4.1.BETA-3.sparc.rpm

Erik
