
SECURITY: Important fixes for IMAP




The IMAP servers included with all versions of Red Hat Linux have a buffer
overrun which allows *remote* users to gain root access on systems which run
them. A fix for Red Hat 4.1 is now available (details on it at the end of this
note).

Users of Red Hat 4.0 should apply the Red Hat 4.1 fix. Users of previous
releases of Red Hat Linux are strongly encouraged to upgrade or simply
not run imap. You can remove imap from any machine running Red Hat
Linux 2.0 or later by running the command "rpm -e imap", rendering it
immune to this problem.

All of the new packages are PGP signed with Red Hat's PGP key and may be
obtained from ftp.redhat.com:/updates/4.1. If you have direct Internet
access, you may upgrade these packages on your system with the following
command: 

rpm -Uvh ftp://ftp2.linux.org.il/pub/linux/redhat/redhat-4.1/updates/i386/imap-4.1.BETA-3.i386.rpm
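
The advisory states that the packages are PGP signed. The script below is an added example, not part of the original advisory or of Red Hat's tooling; it checks that signature with `rpm --checksig` before running the upgrade. It assumes the package has already been downloaded and that Red Hat's public key is on the local keyring. The function names are hypothetical and the sample output strings in the comments are constructed, since the exact output of `rpm --checksig` differs between rpm versions.

```shell
#!/bin/sh
# Verify an RPM's signature before upgrading (added example).

# sig_status LINE: classify one line of `rpm --checksig` output.
# Prints "signed-ok", "unsigned" or "bad"; returns 0 only for "signed-ok".
# Constructed samples: "pkg.rpm: size pgp md5 OK"      -> signed-ok
#                      "pkg.rpm: size md5 OK"          -> unsigned
#                      "pkg.rpm: size PGP md5 NOT OK"  -> bad
sig_status() {
    result=${1#*: }                 # drop the "filename: " prefix
    case $result in
        *"NOT OK"*) echo bad; return 1 ;;
    esac
    case $result in
        *OK) ;;                     # must end in a plain OK
        *)   echo bad; return 1 ;;
    esac
    # A digest-only package also reports OK, so require a lowercase
    # signature token: it means a signature was present and verified.
    for tok in $result; do
        case $tok in
            pgp|gpg|signatures) echo signed-ok; return 0 ;;
        esac
    done
    echo unsigned
    return 1
}

# verified_upgrade PKG: run `rpm -Uvh` only if the signature check passes.
verified_upgrade() {
    pkg=$1
    out=$(rpm --checksig "$pkg" 2>&1) || {
        echo "checksig failed for $pkg: $out" >&2; return 1; }
    status=$(sig_status "$out") || {
        echo "refusing to install $pkg ($status): $out" >&2; return 1; }
    rpm -Uvh "$pkg"
}

# Usage: sh verify-upgrade.sh imap-4.1.BETA-3.i386.rpm
if [ $# -gt 0 ]; then
    verified_upgrade "$1"
fi
```

An unsigned package passes the digest check on its own, which is why the script looks for the signature token rather than relying on the exit status of `rpm --checksig`.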