--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2002-96
http://www/turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Imap
Buffer overflow problem
Release date : 2002-12-25
Solution: package : imap-2002ac.dev-4
Problem
* Imap vulnerability of buffer overflow exists in the server.
There is a possibility of an optional command being executed with authority of the user who logs in.
Solution:
Using turbopkg command, please do automatic operation update.
When there is a necessity only, update is done automatically.
Use the following command to verify the version currently installed.
# rpm -qa | grep package name
When automatic operation update is used, those which are presently are installed update all objects.
Select the package, and use the rpm command to select when you would like to update.
Execution example
---------------------------------------------------------------------
1. In super user modification
$ su -
2. Password of super user input
Password:
3. Starting the turbopkg
# turbopkg
4. Menu selection
" Update "
" FTP server "
" Update sight "
Optional sight selection
5. In general user modification
# exit
---------------------------------------------------------------------
< Turbolinux 8 Server >
< Turbolinux 8 Workstation >
< Turbolinux 7 Server >
< Turbolinux 7 Workstation >
imap-2002a.DEV-4.i586.rpm
imap-devel-2002a.DEV-4.i586.rpm
< Turbolinux Server 6.5 >
< Turbolinux Advanced Server 6 >
< Turbolinux Server 6.1 >
< Turbolinux Workstation 6.0 >
imap-2002a.DEV-4.i386.rpm
imap-devel-2002a.DEV-4.i386.rpm
* Upon the maintenance of our company FTP sight, we determined that update of the turbopkg is neccesary. Details the below-mentioned URL reference.
http://www.turbolinux.co.jp/download/zabom.html
Package updates:
http://www.turbolinux.co.jp/update/