Cyrus IMSPd 1.6a5 and 1.7a Released

Rob Siemborski rjs3 at andrew.cmu.edu
Mon Jan 19 12:48:37 EST 2004


This message is to announce the release of Cyrus IMSPd 1.6a4 and 1.7a on
ftp.andrew.cmu.edu.

This release corrects an error in literal parsing that results in a
potentially exploitable heap overflow.  As is often the case after a
security vulnerability is found, increased code auditing finds another
one, as is the case here.

All sites are urged to upgrade as soon as possible.

ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a5.tar.gz
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7b.tar.gz
and
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.6a5.tar.gz
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imspd-v1.7b.tar.gz

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski | Andrew Systems Group * Research Systems Programmer
PGP:0x5CE32FCC | Cyert Hall 207 * rjs3 at andrew.cmu.edu * 412.268.7456
-----BEGIN GEEK CODE BLOCK----
Version: 3.12
GCS/IT/CM/PA d- s+: a-- C++++$ ULS++++$ P+++$ L+++ E W+ N(-) o? K- w-- O-
M-- V-- PS+ PE+ Y+ PGP+ t+@ 5+++ X- R@ tv-- b+ DI+++ D++ G e++ h+ r- y?
------END GEEK CODE BLOCK-----





More information about the Cyrus-announce mailing list