[2011] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: IMAPD fix for RH

daemon@ATHENA.MIT.EDU (Richard Stevenson)
Tue Jul 21 02:12:09 1998

From: "Richard Stevenson" <richard@al.pmail.gen.nz>
To: linux-security@redhat.com
Date: Tue, 21 Jul 1998 17:48:25 +1200
In-reply-to: <199807210326.XAA01541@chef.redhat.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On 20 Jul 98, at 23:26, djb@redhat.com said this about [linux-security] Re: IMAPD fix for RH:

> > It appears that uninstalling the imap rpm uninstalls the pop mail service as
> > well, or at least disables it.  Is this uncool?  Is it safe to leave it
> > installed (but removed from inetd.conf) for the sake of keeping pop service in
> > place?
> 
> I'm not sure, actually.  The POP code comes from the imap package, so
> presumably you need to updated it *all* if you use any of it to make
> sure you are safe from attack.  

The overflow in this case appears to be in an IMAP-specific 
authentication mechanism, and so shouldn't affect the POP 
daemons.  I upgraded the lot anyway :-))

Cheers

Richard

--
Richard Stevenson
richard@al.pmail.gen.nz
PGP Key ID 0x0E5A2DD5
fingerprint = 7B DD 1C 51 76 05 A1 42  44 2E DD 61 78 DB 2D 07

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post