[2011] in linux-security and linux-alert archive
[linux-security] Re: IMAPD fix for RH
daemon@ATHENA.MIT.EDU (Richard Stevenson)
Tue Jul 21 02:12:09 1998
From: "Richard Stevenson" <richard@al.pmail.gen.nz>
To: linux-security@redhat.com
Date: Tue, 21 Jul 1998 17:48:25 +1200
In-reply-to: <199807210326.XAA01541@chef.redhat.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On 20 Jul 98, at 23:26, djb@redhat.com said this about [linux-security] Re: IMAPD fix for RH:
> > It appears that uninstalling the imap rpm uninstalls the pop mail service as
> > well, or at least disables it. Is this uncool? Is it safe to leave it
> > installed (but removed from inetd.conf) for the sake of keeping pop service in
> > place?
>
> I'm not sure, actually. The POP code comes from the imap package, so
> presumably you need to updated it *all* if you use any of it to make
> sure you are safe from attack.
The overflow in this case appears to be in an IMAP-specific
authentication mechanism, and so shouldn't affect the POP
daemons. I upgraded the lot anyway :-))
Cheers
Richard
--
Richard Stevenson
richard@al.pmail.gen.nz
PGP Key ID 0x0E5A2DD5
fingerprint = 7B DD 1C 51 76 05 A1 42 44 2E DD 61 78 DB 2D 07
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null